Hello. I wrote a patch to add sendkey functionality to grub2. After
loading sendkey module some new environments variables appear with which
one may control the sequence of keys that would be sent to OS or next
bootloader. This functionality is useful in different cases. One example
is entering "s
Hello, again
I had a look at your patch. In some mail it was suggested that kernel
patch should be split from module that uses it. So I resend the kernel
part of my patch. Another question is whether we need some kind of
abortion procedure (like in your patch) if a preboot hook fails.
Javier Martín
Sorry, forgot to attach
phcoder wrote:
> Hello, again
> I had a look at your patch. In some mail it was suggested that kernel
> patch should be split from module that uses it. So I resend the kernel
> part of my patch. Another question is whether we need some kind of
> abortion pro
Javier Martín wrote:
> But you negate any performance gain when you _do_ traverse the list to
> add an entry to it instead of just make it the new head as I do.
> Besides, even for that, double indirection should be avoided in the
> structure previous pointer because it makes things oh-so-incredibl
Well the interface is as we described: the module gives a callback
function which will be called before launching boot function. This
interface is enough for both (and probaly many other) needs. The only
problem is that callback functions can conflict with each other and with
boot function. E.g. if
Javier Martín wrote:
> El mar, 02-09-2008 a las 20:39 +0200, phcoder escribió:
>> +void
>> +grub_loader_remove_preboot (void *p)
>> +{
>> + if (!p)
>> +return;
>> + *(PREBOOT_HND(p)->prev_pointer)=PREBOOT_HND(p)->next;
> This line will "c
t if we don't do it now and then one day we'll have
to squeeze the core it will be very difficult to find places like this.
>
> -Habbit
>
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
Javier Martín wrote:
> El mié, 03-09-2008 a las 02:08 +0200, phcoder escribió:
>> Hello, again.
>> Javier Martín wrote:
>>> We have 63 sectors = 32256 bytes (sectors range from 0 to 63 and the
>>> first is used by the MBR).
>>>
>> I've just
Something like
grub_register_help (title, contents);
grub_unregister_help (title);
what do you think about it?
Vladimir 'phcoder' Serbinenko
P.S. Of course I'm ready to implement it
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
if this function can be implemented for more
FS) unless maintainers suggest that such function should be a part of
grub_fs. In this case a good idea would be to have 2 modules for
fat,ext2,...: one with swapfso and one without for core image.
Vladimir
improving boot process is to detect the prefix even if
partition map changed it can be done e.g. with UUID but this comprises a
security risk in case an attacker can plug a device (cdrom, floppy,
USB-memory,..) containing a partition with the same UUID. What do you
think about it
Vladimir 'ph
Robert Millan wrote:
> On Wed, Sep 03, 2008 at 11:42:44AM +0200, phcoder wrote:
>> Hello, all.
>> For some FS sometimes additional functions are needed. It could be some
>> type of control (e.g. in ZFS manage zpools) or preparation for OS
>> booting (e.g. in FAT put
Robert Millan wrote:
> On Wed, Sep 03, 2008 at 11:50:33AM +0200, phcoder wrote:
>> Hello, all.
>> Now when core image can be booted by multiple sources perhaps it would
>> be a good idea to recieve some boot arguments in case boot method (e.g.
>> multiboot) supports it.
Vesa Jääskeläinen wrote:
> phcoder wrote:
>> I was thinking about the scenario when ide drives are trusted but not
>> USB or removable devices. Cryptographic checksums wouldn't bring much
>> because if attacker can modify harddrive he can also modify GRUB to skip
>>
Hello. In this case we can transfer the whole functionality located in
kern/loader.c to a dedicated module boot.mod. This module will also
register "boot" command. In this way the encapsulation won't be broken
and kernel will become even smaller.
Vladimir 'phcoder' Ser
theese cases may be treated compactly and
efficiently?
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
Vesa Jääskeläinen wrote:
> phcoder wrote:
>> Hello. In this case we can transfer the whole functionality located in
>> kern/loader.c to a dedicated module boot.mod. This module will also
>> register "boot" command. In this way the encapsulation won't be b
ules we load. But in
this case after partial update or configuration modification a run
checksum-updater is necessary or at least user will have to enter his
password on the next boot.
>
> Thanks,
> Vesa Jääskeläinen
Vladimir 'phcoder' Serbinenko
Vesa Jääskeläinen wrote:
> phcoder wrote:
>> Yes it is, but in my opinion price is too high (shame ubuntu uses this
>> solution). It's somewhat similar to some solutions found in windows when
>> for user convenience they open a big gate for the hackers (e.g. a
Robert Millan wrote:
> On Wed, Sep 03, 2008 at 02:25:51PM +0200, phcoder wrote:
>> Robert Millan wrote:
>>> On Wed, Sep 03, 2008 at 11:42:44AM +0200, phcoder wrote:
>>>> Hello, all.
>>>> For some FS sometimes additional functions are needed. It could
Robert Millan wrote:
> On Wed, Sep 03, 2008 at 02:31:10PM +0200, phcoder wrote:
>>> I assume you talk about GRUB loading itself; what kind of information would
>>> you pass from one GRUB to the other?
>> Boot device,
>
> Multiboot already handles that (although i
code, he could also modify us)
>
> When you use crypto checksums, if you get a match why would you care if you're
> loading from (some-safe-disk) or from (evil-place)? It's the same data!
>
Yes it is. But I don't know how
Robert Millan wrote:
> On Wed, Sep 03, 2008 at 08:08:50PM +0200, phcoder wrote:
>> Hello. I was looking at the grub code and seen that if a disk has
>> multiple partition tables (e.g. macintel with bootcamp) then only first
>> one will be detected. In some cases it ca
BTW GPT module checks the protective MBR. In some cases when legay OS
modified the MBR it's no longer "protective MBR". And in theese cases
GRUB will refuse to boot. Isn't the magic number check enough?
Vladimir 'phcoder' Serbinenko
Robert Millan wrote:
> On Wed,
Hello. As I said in another email there is no need for it. I send a
patch for it.
Vladimir 'phcoder' Serbinenko
Javier Martín wrote:
> El mié, 03-09-2008 a las 20:53 +0300, Vesa Jääskeläinen escribió:
>> phcoder wrote:
>>> Hello. In this case we can transfer the wh
steps 6-7
in 32-bit mode) except for changing page tables. Such a helper can be
easily implemented as module and so help us removing asm-parts of
loaders from the kernel. If I recieve greenlight for it, I implement it.
Vladimir 'phcoder' Serbinenko
__
BTW. This helper would allow easy addition of many different kernels
(freedos, haiku, ntldr, ...)
Vladimir 'phcoder' Serbinenko
phcoder wrote:
> Hello. A long time ago I written a C+asm code which loads any given code
> at any real-mode location, then puts machine in correc
Robert Millan wrote:
> On Thu, Sep 04, 2008 at 11:27:20PM +0200, phcoder wrote:
>>> Could this be made more transparent? For example, with a variable.
>>>
>> Here perhaps it could be. But in other usage cases like putting the dos
>> boot files into the right p
I checked the archive found the thread "Idea: Move kernel to upper
memory". But what is discussed there is much more general about general
memory layout. Here I wanted to speak about just one function.
Vladimir 'phcoder' Serbinenko
Robert Millan wrote:
> On Fri, Sep 05, 2
any place not needed by kernel.
Vladimir 'phcoder' Serbinenko
Vesa Jääskeläinen wrote:
> phcoder wrote:
>> I checked the archive found the thread "Idea: Move kernel to upper
>> memory". But what is discussed there is much more general about general
>> m
t; supersede need for specialized loader.
Some OS have their reasons not to support multiboot. E.g. haiku and
freedos stick very near to their goal of reimplementation beos/dos and
as such they don't want anything that would be better
Vladimir 'phcoder' Serbinenko
Robert Millan wrote:
> On Thu, Sep 04, 2008 at 11:54:43PM +0200, phcoder wrote:
>> BTW GPT module checks the protective MBR. In some cases when legay OS
>> modified the MBR it's no longer "protective MBR". And in theese cases
>> GRUB will refuse to boot.
Robert Millan wrote:
> On Mon, Sep 08, 2008 at 08:27:05PM +0200, phcoder wrote:
>> Robert Millan wrote:
>>> On Thu, Sep 04, 2008 at 11:54:43PM +0200, phcoder wrote:
>>>> BTW GPT module checks the protective MBR. In some cases when legay OS
>>>> modified th
Robert Millan wrote:
> On Mon, Sep 08, 2008 at 08:27:05PM +0200, phcoder wrote:
>> Robert Millan wrote:
>>> On Thu, Sep 04, 2008 at 11:54:43PM +0200, phcoder wrote:
>>>> BTW GPT module checks the protective MBR. In some cases when legay OS
>>>> modified th
e familiar with build system fix this?
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
Robert Millan wrote:
> On Tue, Sep 09, 2008 at 02:50:56AM +0200, phcoder wrote:
>> Hello. I had conflicts in .mk files after "svn up" so I removed all the
>> .mk. common.mk and i386-pc.mk were regenerated correctly but not i386.mk
>> $ make
>> conf/i386-pc.m
Robert Millan wrote:
> On Tue, Sep 09, 2008 at 02:47:11AM +0200, phcoder wrote:
>> Robert Millan wrote:
>>> On Mon, Sep 08, 2008 at 08:27:05PM +0200, phcoder wrote:
>>>> Robert Millan wrote:
>>>>> On Thu, Sep 04, 2008 at 11:54:43PM +0200, phcoder wrote
Hello,all. I was busy studying so wasn't watching the list. Is there a
particular reason why my patch still isn't incorporated?
Thanks
phcoder
Javier Martín wrote:
El lun, 08-09-2008 a las 23:25 +0300, Vesa Jääskeläinen escribió:
Javier Martín wrote:
El lun, 08-09-2008 a las 22:48 +
I did. The discussion seems to simply have died out without any official
response
Thanks
Vladimir 'phcoder' Serbinenko
Vesa Jääskeläinen wrote:
phcoder wrote:
Hello,all. I was busy studying so wasn't watching the list. Is there a
particular reason why my patch still isn
Testing grub I noticed this bug. Here is bugfix
Vladimir 'phcoder' Serbinenko
Index: normal/cmdline.c
===
--- normal/cmdline.c(revision 1959)
+++ normal/cmdline.c(working copy)
@@ -148,6 +148,7 @@
{
s
I do not remember seeing a problem here. So what is actually the problem
and how to reproduce it?
I booted GRUB2 by GRUB-Legacy, command prompt appeared and worked but
there were no cursor. I think the same problem appears when the user
opens command line from the menu.
Vladimir 'ph
Sorry it seems that my fs was corrupted which caused failure at install.
fsck and reinstall fixed the problem
Thanks
Vladimir 'phcoder' Serbinenko
Vesa Jääskeläinen wrote:
phcoder wrote:
I do not remember seeing a problem here. So what is actually the problem
and how to reproduce it?
e but
for illustration
Thanks
Any opinion is appreciated
Vladimir 'phcoder' Serbinenko
Index: conf/i386.rmk
===
--- conf/i386.rmk (revision 1962)
+++ conf/i386.rmk (working copy)
@@ -14,3 +14,8 @@
vga_text_mod_SOURCES = t
Hello, I was looking through the code and have seen that bsd and
multiboot code uses helpers in the kernel. In this patch I propose to
move these function to their respective modules
Thanks
Vladimir 'phcoder' Serbinenko
Index: conf/i
Bandan wrote:
(sorry phcoder and Vesa Jääskeläinen ! ).
NP
Personally, I would like to start with "uppermem" as I have already
gone through the relevant code and it will be easier for me to start with
it.
Uppermem is i386-bound. I propose more general format:
meminfo [-l] [-s
This patch adds -p option for grub-setup on i386-pc. Without it install
to any prefix different from /boot/grub failed
Thank
Vladimir 'phcoder' Serbinenko
Index: util/i386/pc/grub-setup.c
===
--- util/i386/pc/gr
After speaking with daChaac on IRC some problems with patch were
identified. Fixed now
Thanks daChaac.
phcoder
phcoder wrote:
This patch adds -p option for grub-setup on i386-pc. Without it install
to any prefix different from /boot/grub failed
Thank
Vladimir 'phcoder' Serbinenk
Hello. On new mac laptops waiting for keyboard event causes random
hangs. Bugfix attached
Thanks
Vladimir 'phcoder' Serbinenko
Index: ChangeLog
===
--- ChangeLog (revision 1967)
+++ ChangeLog (working copy)
@@
Fixed
Pavel Roskin wrote:
On Tue, 2009-02-03 at 22:30 +0100, phcoder wrote:
- status = efi_call_3 (b->wait_for_event, 1, &(i->wait_for_key),
&index);
+ /* status = efi_call_3 (b->wait_for_event, 1,
&(i->wait_for_key), &index);
if
Hello. Here is the patch to remove trailing spaces from FAT label. These
spaces generally aren't considiered to be part of label
Thanks
Vladimir 'phcoder' Serbinenko
Index: fs/fat.c
===
--- fs/fat.c (revision 197
ne is IMHO a
severe limitation to module infrastructure
Thanks
Vladimir 'phcoder' Serbinenko
phcoder wrote:
Hello, I was looking through the code and have seen that bsd and
multiboot code uses helpers in the kernel. In this patch I propose to
move these function to their respective mod
Sorry, Changelog entry was wrong:
+2009-02-04 Vladimir Serbinenko
+
+ Add prefix option for grub-setup
+
+ * util/i386/pc/grub-setup.c (main): Add -p option.
+ (setup): additional argument prefix_dir
Thanks
Vladimir 'phcoder' Serbinenko
phcoder wrote:
After spe
ay as long names (supported only by some OS).
Unifying the code would make these labels accessible. So I'll write a
new proposition soon.
Thanks
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists
hanks
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
Hello. In text mode bits_per_pixel isn't set. Because of it
grub_vbe_set_video_mode refuses to go back to text mode after vbetest
command. Here is a bugfix
Thanks
Vladimir 'phcoder' Serbinenko
Index: vide
olor depth
Unfortunately framebuffer_address and bytes_per_scanline is missing from
struct grub_video_mode_info. I propose to add it to this structure
Thanks
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Grub-devel@gnu.org
http://l
s are probed at last. Should we add a priority field for this?
Thanks
Vladimir 'phcoder' Serbinenko
Felix Zielcke wrote:
Here's a little patch to check if
bpb.version_specific.fat12_or_fat16.fstype or
bpb.version_specific.fat32.fstype has the string FAT12/FAT16/FAT32
As can be seen
nu separately:
E.g
gfxmode=vnc
[..]
menuentry "Darwin" {
xnugfx=vbe
[...]
}
Thanks
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
Currently GRUB tries first the filesystem which was loaded at last. If
you do
rmmod ext2
insmod ext2
then ext2 will be probed first. If we want reliable ordering we need
priority field.
Thanks
Vladimir 'phcoder' Serbinenko
Felix Zielcke wrote:
Am Freitag, den 06.02.2009, 07:07 +01
You might want to have a look at lsmmap function
Vladimir 'phcoder' Serbinenko
Bandan wrote:
First thing's first; I finally realized while getting my daily dose of grub2
that I had unintentionally tried to post my message in a wrong thread
here :
http://lists.gnu.org/archive/
this change would prevent integrating e.g. _linux
in the core. But modules for loading kernels are often reltively big
since they have to treat multiple versions of boot protocol.
It also seems that some parts of my patch were missing. I send a
completed version.
Thanks
Vladimir 'phcoder&#
states. In few days I'll send two patches with your
suggestions
Also, it'd be better if you can submit two separate patches, one for BSD
and one for Multiboot.
Thanks
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Gru
ernel starts in "tabula
rasa". An example is my system with widescreen. To init
widescreen special commands specific to my framebuffer controller are
necessary. So if grub2 sets it kernel can start in
undistorted video mode.
Thanks
Vladimir 'phcoder' Serbinenko
Hello. I've run into the bug that when editing menu entry in gfxterm
characters disappear after cursor moves away from its position. Here is
bugfix
Thanks
Vladimir 'phcoder' Serbinenko
Index: term/gfxterm.c
===
---
Bugfix. Patch attached
Vladimir 'phcoder' Serbinenko
Index: fs/hfsplus.c
===
--- fs/hfsplus.c (revision 1985)
+++ fs/hfsplus.c (working copy)
@@ -899,8 +899,8 @@
grub_fshelp_node_t node)
{
grub_
Hello!
I don't know the linux booting protocol in details but it looks like you
patch replaces one arbitrary limit (256) by another (4096). Is there any
way of avoiding any arbitrary limit at all wothout modyfiing boot protocol?
Thanks
Vladimir 'phcoder' Serbinenko
Jan Alsenz wr
ng
kernel and see if it complains about not being able to mount root. Can
someone test it with complete system?
Thanks
Vladimir 'phcoder' Serbinenko
Index: kern/i386/loader.S
===
--- kern/i386/loader.S (revision 1989)
++
grub_unix_real_boot
* loader/i386/bsd.c (grub_freebsd_boot): Replaced call to
grub_unix_real_boot by direct call of kernel
(grub_netbsd_boot): Likewise
(grub_openbsd_boot): Likewise
phcoder wrote:
Hello. Asm helper functions for bsd aren't really n
here...
* include/grub/i386/multiboot.h: ...moved here
* loader/i386/pc/multiboot.c: Added include of
grub/cpu/multiboot.h
Thanks
Vladimir 'phcoder' Serbinenko
Index: conf/i386-pc.rmk
===
--- conf/i
fooling the user. So no way to read these. To test mixed
case labels be sure that mlabel reports it as mixed case.
Thanks
Vladimir 'phcoder' Serbinenko
Index: ChangeLog
===
--- ChangeLog (revision 1989)
+++ ChangeLog (working cop
Here's the patch to add a replacement for old "makeactive" command
New syntax is
activate PARTITION
E.g.
activate hd0,1
Regards
Vladimir 'phcoder' Serbinenko
Index: ChangeLog
===
--- ChangeLog (revision 198
With this patch fat became case-sensitive which is probably wrong.
Corrected version of patch attached
Sorry
Vladimir 'phcoder' Serbinenko
phcoder wrote:
Hello. Now the handling of FAT-labels keeps the trailing spaces and
ignores VFAT label generated by mlabel tool. Here is th
Pavel Roskin wrote:
On Wed, 2009-02-11 at 14:43 +0100, phcoder wrote:
Here's the patch to add a replacement for old "makeactive" command
New syntax is
activate PARTITION
E.g.
activate hd0,1
Is it necessary to change the name? I think "makeactive" is a better
name for
Hello. Here is the patch to support mtime. This is a prerequisite for
-nt test which can be very useful for e.g. finding last compiled kernel
Also in the same time it makes the dir call easily extendable
Regards
Vladimir 'phcoder' Serbinenko
Index: conf/
Made corrections to issues pointed by Vesa Jääskeläinen
Regards
Vladimir 'phcoder' Serbinenko
phcoder wrote:
Hello. Here is the patch to support mtime. This is a prerequisite for
-nt test which can be very useful for e.g. finding last compiled kernel
Also in the same time it makes th
Here I attach updated version
Regards
Vladimir 'phcoder' Serbinenko
phcoder wrote:
Sorry, Changelog entry was wrong:
+2009-02-04 Vladimir Serbinenko
+
+Add prefix option for grub-setup
+
+* util/i386/pc/grub-setup.c (main): Add -p option.
+(setup): additional argument
./configure:577:PACKAGE_VERSION='1.96'
BandiPat wrote:
Hey guys, where does it specify the initial screen border title?
(GNU GRUB version 1.96)
I would at least like to change that for the Zenwalk build, if that's
ok? I've looked in several pieces of the code, but can't seem to find it.
Than
uz-3
-plt vmlinuz-11 ] is true) and biased -nt/-ot which adds s specified
amount of seconds to mtime.
Regards
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
Sorry forgot to attach the file
phcoder wrote:
Hello. Here is an implementation of bash-like "test" command. Many file
tests are omitted because they are useless in grub (e.g. -c test). I
also added 3 extension: lexicographical comparing, prefixed -gt and -lt
(it skips common pref
int num);
For the first level a fake grub_partition_t describing the whole disk
will be created
What do you think about such a design?
Regards
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.
Hello. Here is bugfix
Regards
Vladimir 'phcoder' Serbinenko
Index: kern/disk.c
===
--- kern/disk.c (revision 1994)
+++ kern/disk.c (working copy)
@@ -47,7 +47,7 @@
int grub_disk_firmware_is_tainted;
orrow I'll find sth)
Regards
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
nd not returnable booters.
grub_machine_prepare_for_os and preboot_hooks in my proposition patch
would then be extended with second function which is called upon the
return to undo the action of the hook itself
Regards
Vladimir 'phcoder' Serbinenko
phcoder wrote:
Hello. I found a serious problem
Hello. multiboot implementation of grub2 isn't complete yet. This is one
possible reason. Can you supply us with the output of displaymem under
grub1 and of lsmmap under grub2
Regards
Vladimir 'phcoder' Serbinenko
Emmanuel Jeanvoine wrote:
Hi all,
I try to boot a Xen dom0
advantages
but dissmisses the technology as whole and I agree with them.
However, I'm neither a grub maintainer nor fsf representative.
Regards
Vladimir 'phcoder' Serbinenko
Alex Besogonov wrote:
I know that TPM has been mentioned several times on this list. With
absolutely inade
nd fast signatures.
I personally would be interested in implementing security features in
grub2 as long as tpm stays away
Regards
Vladimir 'phcoder' Serbinenko
Alex Besogonov wrote:
On Wed, Feb 18, 2009 at 11:05 PM, Jan Alsenz wrote:
I've recently started porting TrustedGRUB (
http://so
e the whole hardware
all you need is being able to read tpm and write to serial port. Then
you can simply read the key at your serial console. Actually bios isn't
protected. It's just obfuscated.
Regards
Vladimir 'phcoder' Serbinenko
_
rver over unsecure network.
In the same time he can always choose to boot unsigned OS by providing
his password
Regards
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
ested in implementing security features in
grub2 as long as tpm stays away
Then that's a religion, not engineering.
Tell it what you want but I don't trust code that I can't verify. And
tpm is root of obfuscation.
PS: please, can you CC me when you answer my posts?
ebody in wheel group basing on /etc/passwd, /etc/shadow
and /etc/group. In this case tpm-keyretrieve module may be developed
outside of main trunk and if someone wants it he can download it
Regards
Vladimir 'phcoder' Serbinenko
Michael Gorven wrote:
On Friday 20 February 2009 02:29:50 J
ng as standalone program
Regards
Vladimir 'phcoder' Serbinenko
/* -*-Asm-*- */
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2009 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public Licen
first sector plays a special role. So I propose first sector
to be moved to a separate file and then at install time grub-mkimage or
grub-setup can take care of choosing right one depending on options
supplied by user (plain or SHA-1 boot)
Regards
Vladimir 'phcoder'
n can be used.
Greets,
Jan
Regards
Vladimir 'phcoder' Serbinenko
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
this scheme is
totally unsecure under these assumptions. However I recognise that it
can be useful in some cases.
Regards
Vladimir 'phcoder' Serbinenko
Javier Martín wrote:
El vie, 20-02-2009 a las 20:02 -0500, Isaac Dupree escribió:
Jan Alsenz wrote:
Yes, that was my point. You need
of it. I do only as much as I can and never claim to
achieve something which is theoretically impossible
Regards
Vladimir 'phcoder' Serbinenko
Jan Alsenz wrote:
If not, who checks the MBR?
This can't be done by grub because it happens before any part of grub is
loaded. to verif
And in this scenario the encryption key would also be in flash. Since
you can't boot unchecked software and normal linux security wouldn't
allow you to read flash unless you have the root password you can't
recover the key
Regards
Vladimir 'phcoder' Serbinenko
Robert M
BTW some BIOSes have an option "boot virus protection" which checks the
mbr and doesn't need tpm. Then password-protecting BIOS and storing key
in flash and cutting write wire will achieve greater security that tpm
Regards
Vladimir '
arketing security". I
suppose companies and engineers know that their claims are false still
say it because their salaries depend on how well their product is sold
Regards
Vladimir 'phcoder' Serbinenko
Alex Besogonov wrote:
On Sat, Feb 21, 2009 at 3:46 PM, Robert Millan wrote:
Yes,
signed
public key. Then you still have a choice to regenerate your key but it's
simply equivalent to "but nobody's threatening your freedom: we
still allow you to remove your data and not access it at all.". It's
equivalent to just smashing your tpm.
Regards
Vladimir
bit is supported for now
-efiemu runtime is now has to be compiled separately
Regards
Vladimir 'phcoder' Serbinenko
efiemu.tgz
Description: application/compressed-tar
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
1 - 100 of 4346 matches
Mail list logo
