| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220706001233.GA5802@srcf.ucam.org>
Date: Wed, 6 Jul 2022 01:12:33 +0100
From: Matthew Garrett <mjg59@...f.ucam.org>
To: Brendan Trotter <btrotter@...il.com>
Cc: The development of GNU GRUB <grub-devel@....org>,
Ard Biesheuvel <ardb@...nel.org>,
Daniel Kiper <daniel.kiper@...cle.com>,
Alec Brown <alec.r.brown@...cle.com>,
Kanth Ghatraju <kanth.ghatraju@...cle.com>,
Ross Philipson <ross.philipson@...cle.com>,
"piotr.krol@...eb.com" <piotr.krol@...eb.com>,
"krystian.hebel@...eb.com" <krystian.hebel@...eb.com>,
"persaur@...il.com" <persaur@...il.com>,
"Yoder, Stuart" <stuart.yoder@....com>,
Andrew Cooper <andrew.cooper3@...rix.com>,
"michal.zygowski@...eb.com" <michal.zygowski@...eb.com>,
James Bottomley <James.Bottomley@...senpartnership.com>,
"lukasz@...rylko.pl" <lukasz@...rylko.pl>,
linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org,
James Morris <jmorris@...ei.org>
Subject: Re: Linux DRTM on UEFI platforms
On Wed, Jul 06, 2022 at 09:33:23AM +0930, Brendan Trotter wrote:
> The only correct approach is "efi-stub -> head_64.S -> kernel's own
> secure init"; where (on UEFI systems) neither GRUB nor Trenchboot has
> a valid reason to exist and should never be installed.
Surely the entire point of DRTM is that we *don't* have to trust the
bootloader?
Powered by blists - more mailing lists