|
From: | phcoder |
Subject: | Re: GRUB hardened boot framework |
Date: | Sat, 28 Feb 2009 00:18:17 +0100 |
User-agent: | Thunderbird 2.0.0.19 (X11/20090105) |
As far as I understood Robert Millan was suggesting that just encrypting (but not verifying) your kernel is enough. I wanted to show wha it isn'tIf the code that does the authentication is loaded from the encrypted partition, without being checked, this is true, but we assume, that core.img is already loaded (and checked), so the authentication code is not on the encrypted partition, and can detect any tampering.
-- Regards Vladimir 'phcoder' Serbinenko
[Prev in Thread] | Current Thread | [Next in Thread] |