New Secure Boot Patches Break Hibernation 196
hypnosec writes "Matthew Garrett published some patches today which break hibernate and kexec support on Linux when Secure Boot is used. The reason for disabling hibernation is that currently the Linux kernel doesn't have the capability of verifying the resume image when returning from hibernation, which compromises the Secure Boot trust model. The reason for disabling the kexec support while running in Secure Boot is that the kernel execution mechanism may be used to load a modified kernel thus bypassing the trust model of Secure Boot."
Before arming your tactical nuclear flame cannon, note that mjg says "These patches break functionality that people rely on without providing any functional equivalent, so I'm not suggesting that they be merged as-is." Support for signed kexec should come eventually, but it looks like hibernation will require some clever hacking to support properly in a Restricted Boot environment.
Why is this a story again? (Score:3, Insightful)
A patch that is not going to be merged into the kernel proper breaks hibernation with secure boot in Linux...some editor is trying desperately hard to get a flame war started. If you're really that desperate for ideas try something creative, like creating a fake petition to have Minecraft converted from Java to C#. It's not hard to start a flame war.
Fucktard.
Re:Meh. Hybernation is overrated (Score:2, Insightful)
No, "Secure" Boot is overrated. Very few people have any need for it; mostly a tool for corporate entities to strong-arm others in to complying with their every whim.
Fuck Secure Boot (Score:5, Insightful)
It's my goddamn computer, my goddamn hardware, and it's MINE. I will run any fucking operating system I goddamn well please on it, and if Microsoft doesn't like that, they can FUCK THEMSELVES right in the GODDAMN EAR.
Re:Certificates can be revoked (Score:4, Insightful)
Is no one else here alarmed at the unreasonable amount of power Microsoft has over the future of GNU/Linux on Secure Boot platforms?
That alone should be cause enough to lobby hardware manufacturers to have secure boot abolished and to hell with those little "Works with Windows 8" stickers.
Microsoft have already mandated that systems with ARM platforms MUST NOT have an option to disable Secure Boot. Therefore the only software that will boot on these systems is software that Microsoft has blessed. I know they would love nothing more to dictate such terms on x86 hardware too. I predict that within five years, notwithstanding active opposition RIGHT NOW, they will do exactly this.
This, like climate change, is something I really, really hope I am wrong about but fear that I am not.
Re:Conceptually.. (Score:5, Insightful)
The kernel can execute ring 0 instructions. Your initrd can't. The difference is that you could construct an appropriately modified hibernation image that booted an arbitrary kernel - or even an entirely separate OS. In that scenario, your kernel is effectively a new bootloader, except unlike the signed bootloaders it'll happily boot an entirely unsigned OS. That's unlikely to end well.
But, conceptually, you're right. Secure Boot doesn't magically make a system secure, but it *is* a vital part of system security - if you can't trust your kernel, any other security you attempt to build is pretty much pointless.
Re:Fuck Secure Boot (Score:5, Insightful)
Why the downmods? Yeah, maybe the AC was just trolling, but his overall point I actually agree with. If anything, it should've been modded +1 "Funny" for the "fuck themselves in the god damn ear" part.
Re:To many X86 servers do not boot Windows (Score:5, Insightful)
To many X86 servers do not boot Windows for them to try to push that kind of lock down.
Yeah, so? Your $1,000 server motherboard will still be able to run Linux. Doesn't help the rest of us.
If you give Microsoft the power to control what software will and won't run, then they will use it, sooner or later. It's a fscking retarded idea.
Re:Sign the hibernation file (Score:4, Insightful)
The point of secure boot is vendor lockin. The point of Linux is to not be locked to a vendor.
Re:Why?? (Score:4, Insightful)
No, I think he's straight on. Secure boot stems from a broken threat model: that kernel access is extremely important. I know about userspace security, but the kernel already secures userspace without secure boot and proper privilege separation secures the kernel. Secure boot is a way of securing the system from root, which is futile (look at SELinux, for example).
This is primarily a technology for vendor lock-in. Always has been, always will be.
Re:Sign the hibernation file (Score:5, Insightful)
"DRM is to promote sales through reducing piracy "
No, the point of DRM is to increase profits by removing a potential threat to sales. The point of secure boot is potentially lock hardware to the operating system. The chain of proof is just a selling tactic at best but irrelevant as there are a myriad of ways to compromise a system for those with the will to do so. It's more effective as a wedge to eventually control hardware manufacture. Remember this kind of behavior wouldn't be new for Microsoft.