On Mon, Feb 6, 2017 at 2:04 PM, Matthew Garrett <mj...@srcf.ucam.org> wrote:
> On Mon, Feb 06, 2017 at 09:53:57AM -0800, Jon McCune wrote:
>
> > I'm not sure about measuring the commands that GRUB runs. GRUB's config
> > file is a shell-like language, and measuring that file should give a pretty
> > good indication of its behavior. In the grey area between "what is code?"
> > and "what is data?", making the case that grub.cfg is code seems feasible,
> > which greatly simplifies the work of whatever verifies attestations or
> > binds/seals data. Although, implementations for these two don't really seem
> > to be in conflict so maybe GRUB could be configured one way or the other.
>
> I'm concerned that the language gives enough flexibility that we don't
> know that for sure - for instance, if a regularly used command is
> vulnerable to a buffer overflow, there's no way to determine whether
> that occurred. Measuring each command before it's executed gives us some
> further assurance in that respect.

This is a good point. I'd still like to express a preference that it be optional.

> Calculating the expected values is
> still pretty easy, and if they're logged then you can have a regex-based
> engine for remote validation.

Thanks,
-Jon
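The regex-based remote validation mentioned in this message, sketched as an added example (not code from the thread or from GRUB). It assumes the event log holds the exact command strings that were measured, a SHA-256 PCR bank that starts at zero, and a hypothetical allowlist policy; the patterns and sample commands are constructed.

```python
import hashlib
import re

# Assumed policy: every logged command must fully match one of these patterns.
# Patterns and sample values are constructed for illustration.
ALLOWED = [re.compile(p) for p in (
    r"set (default|timeout)=\d+",
    r"insmod (part_gpt|ext2|gzio)",
    r"search --no-floppy --fs-uuid --set=root [0-9a-f-]{36}",
    r"linux /vmlinuz-[\w.-]+ root=UUID=[0-9a-f-]{36} ro( quiet)?",
    r"initrd /initrd\.img-[\w.-]+",
    r"boot",
)]

# Constructed sample log: one entry per command, in execution order.
SAMPLE_LOG = [
    "set timeout=5",
    "insmod part_gpt",
    "insmod ext2",
    "search --no-floppy --fs-uuid --set=root 3f1c2a4e-8b7d-4c6a-9e21-5d0f7a1b2c3d",
    "linux /vmlinuz-4.9.0-1-amd64 root=UUID=3f1c2a4e-8b7d-4c6a-9e21-5d0f7a1b2c3d ro quiet",
    "initrd /initrd.img-4.9.0-1-amd64",
    "boot",
]


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || H(measured data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def replay(commands) -> bytes:
    """Recompute the PCR value implied by an ordered list of logged commands."""
    pcr = bytes(hashlib.sha256().digest_size)  # all zeros after reset
    for cmd in commands:
        pcr = extend(pcr, cmd.encode())
    return pcr


def validate(commands, quoted_pcr: bytes):
    """Return (ok, reason): the log must replay to the quoted PCR value,
    and only then is each entry checked against the policy."""
    if replay(commands) != quoted_pcr:
        return False, "log does not replay to quoted PCR"
    for i, cmd in enumerate(commands):
        if not any(p.fullmatch(cmd) for p in ALLOWED):
            return False, f"entry {i} not allowed by policy: {cmd!r}"
    return True, "ok"
```

The replay check comes first because the log itself is untrusted: only a log that reproduces the quoted PCR value is worth matching against the policy.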