Strong Crypto Support for GRUB2

From: Simon Peter
Subject: Strong Crypto Support for GRUB2
Date: Sun, 2 Sep 2007 14:17:36 +0200


Along the lines of a FeatureRequests GRUB2 Wiki entry I made earlier, I
added strong cryptography support to GRUB that allows Linux encrypted
partitions to be read. The patch is attached.

It currently features AES support, both in ECB and CBC mode with
Linux-style "plain mode" sector-based initialization vectors and
256-bit keys. The RIPEMD 160-bit hash function is also supported.

Support for encrypted devices is strongly modelled after Linux'
dm-crypt module: A device-mapper command called 'devmap' is included to
map devices or partitions onto virtual devices that transparently
decrypt data (encryption is not fully implemented yet, but should be a
breeze to add as all functions are already there). Key size mangling is
identical to that of Linux' cryptsetup command.

Cryptographic functionality is modularized and decoupled from the device
mapper so other modules can freely use it as well. Things like
encrypted serial or network connections to GRUB are conceivable, for

LUKS is not supported yet, but I'm thinking about it (I don't currently
need it personally, that's why). I'd be glad for any help.

As stated in the Wiki entry, the main motivation for this is to get rid
of unencrypted boot partitions and have an encrypted kernel and initrd,
which, besides being a lot easier to maintain, also greatly enhances
security (details in the Wiki entry).


Attachment: crypto.dif
Description: video/dv
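
The following Python sketch is an added example, not code from the message or the attached patch. It shows the two dm-crypt/cryptsetup conventions the message refers to: the "plain" sector-based IV and the stretching of a 160-bit passphrase digest to a 256-bit key. It assumes cryptsetup's plain-mode behaviour of hashing n 'A' bytes plus the passphrase in round n; the function names and the sample passphrase are constructed.

```python
import hashlib
import struct


def plain_iv(sector: int, iv_size: int = 16) -> bytes:
    """dm-crypt "plain" IV: the low 32 bits of the sector number,
    little-endian, zero-padded to the cipher block size."""
    return struct.pack("<I", sector & 0xFFFFFFFF).ljust(iv_size, b"\x00")


def plain_key(passphrase: bytes, key_size: int = 32,
              hash_name: str = "ripemd160") -> bytes:
    """Derive key_size bytes from a passphrase (assumed cryptsetup plain mode).

    A 160-bit digest is too short for a 256-bit key, so further rounds are
    hashed: round n feeds n 'A' bytes followed by the passphrase. The
    digests are concatenated and the result is cut to key_size.
    """
    key = b""
    round_no = 0
    while len(key) < key_size:
        h = hashlib.new(hash_name)
        h.update(b"A" * round_no + passphrase)
        key += h.digest()
        round_no += 1
    return key[:key_size]


if __name__ == "__main__":
    # The IV is a pure function of the sector number, so it repeats
    # once the sector count passes 2**32 (2 TiB of 512-byte sectors).
    for sector in (0, 1, 2**32):
        print(sector, plain_iv(sector).hex())

    passphrase = b"constructed passphrase"  # sample input, not a real secret
    try:
        print(plain_key(passphrase).hex())
    except ValueError:
        # Some OpenSSL builds no longer expose RIPEMD-160 to hashlib;
        # SHA-1 has the same 160-bit digest and shows the same stretching.
        print(plain_key(passphrase, hash_name="sha1").hex())
```
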
