引导操作系统之前如何执行一些安全性验证? [英] How to perform some security verification before booting operating system?
问题描述
我有一个可引导的闪存盘,其中包含自定义的Ubunto,我想将闪存盘传递给未知的人,并且它存在一些安全问题.我想确保一个不知名的人不能更改闪存盘内容.因此,我想计算闪存内容的哈希值,并在每次启动时对其进行验证,并在验证失败或哈希值不匹配时阻止启动操作系统.
I have a bootable flash disk and it contains customized Ubunto, I want to pass the flash disk to an unknown person and it has some security issues. I want to be sure an unknown person couldn't change flash disk contents. hence I want to calculate hash of flash content and verify it on each boot and prevent booting OS if the verification failed or the hash goes mismatch.
为此,我应该进行引导加载程序编程,我正在寻找UEFI编程,但是我发现了一些文档和视频,而且我也不知道是选择UEFI还是BIOS.
for this purpose, I should do bootloader programming, I looking for UEFI programming but I found a few documents and videos, And also I do not know whether to select UEFI or BIOS.
因此,如果您能为我的问题提供帮助,并提供全面的解决方案或提出其他解决方案(自举程序编程除外),我将不胜感激.
so I would appreciate you if you could help me and provide a Comprehensive solution or suggest any other solution(except bootloader programming) for my problem.
推荐答案
我认为您走错了路.恕我直言,最简单的方法是使用UEFI的安全启动机制.为此,您只需要签名您的内核和需要保护的模块即可.
I think you are going the wrong way. IMHO, the easiest way is to use the secure boot mechanism of UEFI. For that, you just have to sign your kernel and the modules that need to be protected.
这篇关于引导操作系统之前如何执行一些安全性验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
