Secure Boot System
Wed, 07/30/2008 - 16:28 — drupal
ATS have just recently finished building a secure boot system for a highly regulated industry.
Multiple boot and data partitions were configured on a standard flash. Grub was then modified to use Steve Reid's SHA-1 algorithm to check the externally produced signatures for correctness. These signatures were contained within inter-partition gaps so that they could not be seen using ordinary tools. The implementation was such that multiple partitions could be marked as either kernel or data and thus a single invalid partition would not stop the overall system from booting.
Adding inter-partition gaps and then integrating security with grub has given us a new appreciation of the complexities of boot loaders.
- Login to post comments