from:"Stu Card"

Re: [Bug 1062623] Re: enable grub-2.00 boot-from-luks support

2024-06-13 Thread Stu Card

This was not strictly true of something we demonstrated in 2017: the 
capability based, formally verified, open source, Syracuse Assured Boot 
Loader Executive (SABLE), which used the "late launch" Dynamic Root of 
Trust for Measurement (DRTM) instructions available on AMD and Intel x86 
CPUs (skinit/senter) to decrypt an operating environment conditionally 
based on measurements of Trusted Computing Base (TCB) software modules 
extended into TPM Platform Configuration Registers (PCRs) matching 
values previously whitelisted by the system administrator. We were able 
to boot not only Ubuntu but also the formally verified seL4 microkernel. 
Upstream changes broke this. We have not had the resources both to 
maintain SABLE and patch the upstream changes, so SABLE has bit-rotted; 
when we obtain the necessary resources, we would really like again to be 
able to boot not only seL4 (our primary target) but also more popular 
kernels (primarily Linux where the distro that is our usual focus and 
tool is Ubuntu).

On 6/13/2024 8:40 AM, Julian Andres Klode wrote:
> ...
> Please note that encryption of /boot is security by obscurity: The data
> is encrypted, but not authenticated so it is still subject to chosen
> plaintext attacks, as is any encrypted data. You do not need obscurity
> for public knowledge like kernel and initrd content, it's only valuable
> for your personal private data.
> 
> A secure chain needs to authenticate the initrd against a certificate.
> For example, Ubuntu Desktop TPM FDE offers fully authenticated early
> boot environments...

-- 
Stuart W. Card, PhD: VP & Chief Scientist, Critical Technologies Inc.
Superior Engineering Solutions for Trustworthy Networked Autonomy
* Creativity * Diversity * Expertise * Flexibility * Integrity *
Suite 400 Technology Center, 4th Floor 1001 Broad St, Utica NY 13501
315-793-0248 x141 FAX -9710  www.critical.com

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1062623

Title:
  enable grub-2.00 boot-from-luks support

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1062623/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1565594] [NEW] failed to install bootloader on external LVM/LUKS disk

2016-04-03 Thread Stu Card

Public bug reported:

Attempting to install 14.04.4 bootloader on sdb (where sdb1 is LVM/LUKS
and occupies entire disk after MBR etc.) failed.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: ubiquity 2.18.8.12
ProcVersionSignature: Ubuntu 4.2.0-27.32~14.04.1-generic 4.2.8-ckt1
Uname: Linux 4.2.0-27-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
CasperVersion: 1.340.2
Date: Sun Apr  3 23:02:56 2016
InstallCmdLine: file=/cdrom/preseed/ubuntu.seed boot=casper 
initrd=/casper/initrd.lz quiet splash -- maybe-ubiquity
LiveMediaBuild: Ubuntu 14.04.4 LTS "Trusty Tahr" - Release amd64 (20160217.1)
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: grub-installer
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: grub-installer (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug trusty ubiquity-2.18.8.12 ubuntu

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1565594

Title:
  failed to install bootloader on external LVM/LUKS disk

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1565594/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 889619] Re: check-new-release-gtk crashed with TypeError in on_button_ask_me_later_clicked(): integer argument expected, got float

2011-11-12 Thread Stu Card

** Visibility changed to: Public

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/889619

Title:
  check-new-release-gtk crashed with TypeError in
  on_button_ask_me_later_clicked(): integer argument expected, got float

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/889619/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1062623] Re: enable grub-2.00 boot-from-luks support

[Bug 1565594] [NEW] failed to install bootloader on external LVM/LUKS disk

[Bug 889619] Re: check-new-release-gtk crashed with TypeError in on_button_ask_me_later_clicked(): integer argument expected, got float

3 matches

Site Navigation

Mail list logo

Footer information