From: Daniel Axtens <dja@axtens.net>
To: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>,
The development of GNU GRUB <grub-devel@gnu.org>,
Steve McIntyre <steve@einval.com>
Subject: Re: [PATCH] Remove HFS support
Date: Sun, 21 Aug 2022 00:13:18 +1000 [thread overview]
Message-ID: <87v8qnngu9.fsf@dja-thinkpad.axtens.net> (raw)
In-Reply-To: <a601f459-311a-28ba-95cb-3473ca4a6312@physik.fu-berlin.de>
>> As Daniel Axtens has been finding out, the HFS code is terrible in
>> terms of security. If you still need it for old/semi-dead machines,
>> maybe you should fork an older grub release and stay with that?
>
> I don't know what should be the deal with the security of a boot loader
> to be honest. If someone has access to your hardware so they can control
> your bootloader, you have much worse problems anyway.
>
> Forking is also a terrible idea as every forked package means having to
> track it manually.
Not to engage in the Debian specific parts of this, but fwiw the threat
model isn't hardware access. Firmware-enforced secure boot (e.g. UEFI,
AIX and Linux on PowerVM, whatever modern macs do) basically goes:
- assume an attacker gets root on a running system
- prevent the attacker from compromising the kernel
On Linux this takes 2 parts: some form of signing grub that gets
validated by firmware, and lockdown mode once Linux is booted.
Now I haven't really used a PowerMac since I was a kid, but if memory
serves, they had no concept of this. If you got access to Mac OS (or if
you got root on linux), there is no way to protect the kernel. There is,
in effect, no security boundary between root and the kernel.
Kind regards,
Daniel
>
> Adrian
>
> --
> .''`. John Paul Adrian Glaubitz
> : :' : Debian Developer
> `. `' Physicist
> `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
next prev parent reply other threads:[~2022-08-20 14:13 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-19 13:38 [PATCH] Remove HFS support Daniel Axtens
2022-08-19 13:57 ` Daniel Kiper
2022-08-19 14:03 ` John Paul Adrian Glaubitz
2022-08-19 17:57 ` Vladimir 'phcoder' Serbinenko
2022-08-20 14:23 ` Daniel Axtens
2022-08-19 18:09 ` Steve McIntyre
2022-08-19 18:38 ` John Paul Adrian Glaubitz
2022-08-19 19:04 ` Dimitri John Ledkov
2022-08-19 19:45 ` Vladimir 'phcoder' Serbinenko
2022-08-20 14:05 ` Daniel Axtens
2022-08-24 7:17 ` John Paul Adrian Glaubitz
2022-08-24 7:16 ` John Paul Adrian Glaubitz
2022-08-20 14:13 ` Daniel Axtens [this message]
2022-08-19 19:01 ` Vladimir 'phcoder' Serbinenko
2022-08-26 15:46 ` John Paul Adrian Glaubitz
2022-08-26 17:02 ` Vladimir 'phcoder' Serbinenko
2022-08-20 13:53 ` Daniel Axtens
2022-08-24 7:21 ` John Paul Adrian Glaubitz
2022-08-26 13:31 ` Daniel Axtens
2022-08-26 15:17 ` Vladimir 'phcoder' Serbinenko
2022-08-30 18:28 ` Robbie Harwood
2022-09-01 14:01 ` Daniel Axtens
2022-08-26 15:27 ` John Paul Adrian Glaubitz
2022-08-30 16:37 ` Robbie Harwood
2022-08-30 17:21 ` John Paul Adrian Glaubitz
2022-08-30 18:43 ` Robbie Harwood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v8qnngu9.fsf@dja-thinkpad.axtens.net \
--to=dja@axtens.net \
--cc=glaubitz@physik.fu-berlin.de \
--cc=grub-devel@gnu.org \
--cc=steve@einval.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.