New Secure Boot Patches Break Hibernation 196
hypnosec writes "Matthew Garrett published some patches today which break hibernate and kexec support on Linux when Secure Boot is used. The reason for disabling hibernation is that currently the Linux kernel doesn't have the capability of verifying the resume image when returning from hibernation, which compromises the Secure Boot trust model. The reason for disabling the kexec support while running in Secure Boot is that the kernel execution mechanism may be used to load a modified kernel thus bypassing the trust model of Secure Boot."
Before arming your tactical nuclear flame cannon, note that mjg says "These patches break functionality that people rely on without providing any functional equivalent, so I'm not suggesting that they be merged as-is." Support for signed kexec should come eventually, but it looks like hibernation will require some clever hacking to support properly in a Restricted Boot environment.
Why is this a story again? (Score:3, Insightful)
A patch that is not going to be merged into the kernel proper breaks hibernation with secure boot in Linux...some editor is trying desperately hard to get a flame war started. If you're really that desperate for ideas try something creative, like creating a fake petition to have Minecraft converted from Java to C#. It's not hard to start a flame war.
Fucktard.
Certificates can be revoked (Score:5, Interesting)
A patch that is not going to be merged into the kernel proper breaks hibernation with secure boot in Linux
Perhaps the fear is that if the patch is not merged, Microsoft will revoke the certificates that have been used to sign mainstream GNU/Linux distributions.
Re: (Score:2)
Perhaps the fear is that if the patch is not merged, Microsoft will revoke the certificates that have been used to sign mainstream GNU/Linux distributions.
My thoughts too. I'm sure that MS has requirements that you will have to meet for MS to allow you to sign a bootstrapper, like e.g. requiring that the user is prompted and alerted to the fact that the system is booted to an alternate OS. Otherwise (if they allowed silent boots to non-Windows OSes) they would risk a rootkit simply silently booting a Linux and then Windows within a compromised VM. However, it is hard to see how an attack using the Linux hibernation and/or kexec vectors could lead to a comprom
Re: (Score:3)
While you would not expect such an elaborate design as a form of mass public malware, consider how effective this would be with a more targeted attack... the trusted boot process nullified so trivially.
Re:Certificates can be revoked (Score:4, Insightful)
Is no one else here alarmed at the unreasonable amount of power Microsoft has over the future of GNU/Linux on Secure Boot platforms?
That alone should be cause enough to lobby hardware manufacturers to have secure boot abolished and to hell with those little "Works with Windows 8" stickers.
Microsoft have already mandated that systems with ARM platforms MUST NOT have an option to disable Secure Boot. Therefore the only software that will boot on these systems is software that Microsoft has blessed. I know they would love nothing more than to dictate such terms on x86 hardware too. I predict that within five years, notwithstanding active opposition RIGHT NOW, they will do exactly this.
This, like climate change, is something I really, really hope I am wrong about but fear that I am not.
Re: (Score:3)
Microsoft have already mandated that systems with ARM platforms MUST NOT have an option to disable Secure Boot.
if they ship with Windows 8 RT.
There is nothing stopping asus/acer/google/ and who ever else out there from releasing ARM platforms with secure boot configured any way they like.
Perhaps, at worst, we are reaching a point in time where if you want a Windows PC you will buy one, and if you don't want a Windows PC you will buy one without Windows.
And the people looking to take a windows PC and conve
Re:Certificates can be revoked (Score:5, Interesting)
I just bought a very nice laptop from System76. Good price/performance, fantastic Linux compatibility, and no Microsoft tax. I figured I might as well put my money where my mouth is on supporting vendors that have good support for Linux.
Re: (Score:3)
Once Linux PCs are mail order only (Score:2)
and if you don't want a windows PC you will buy one without windows.
Good luck finding a PC without Windows that isn't made by Apple in U.S. retail chains. Good luck figuring out how to try the keyboard and screen of a laptop made something like System76 before buying. And good luck connecting the laptop to the Internet should major home ISPs adopt Trusted Network Connect [slashdot.org] as a measure against spam, viruses, and mass copyright infringement.
Re: (Score:2)
Good luck finding a PC without Windows that isn't made by Apple in U.S. retail chains.
Fast forward to a world of locked bootloaders and I could see PC vendors having a "no-OS, bare hardware, unlocked bootloader" checkbox on every single system they sell.
It would cost vendors little to do this.
The reason that it doesn't exist today is because you can already buy any computer you like and put whatever you want on it. So there is no real advantage in offering a no-OS, hardware only solution.
Crusade against the "naked PC" (Score:2)
Fast forward to a world of locked bootloaders and I could see PC vendors having a "no-OS, bare hardware, unlocked bootloader" checkbox on every single system they sell.
Unless Microsoft changes the terms of the Windows OEM license to make it economically infeasible to offer such an option, such as its crusade a few years ago against the "naked PC" [zdnet.com].
It would cost vendors little to do this.
Other than likely having to pay full retail for Windows if the same company sells PCs without an operating system.
Re: (Score:2)
Microsoft have already mandated that systems with ARM platforms MUST NOT have an option to disable Secure Boot. Therefore the only software that will boot on these systems is software that Microsoft has blessed.
That's just plain wrong. Samsung can ship Android tablets just fine without it even having Secure Boot.
Last I heard, Samsung shipped a lot of "ARM platforms" with Android and Windows 8 PCs and Windows RT tablets just fine so that means jack shit.
Re: (Score:2)
Perhaps I should have been clearer:
Microsoft have already mandated that systems with ARM platforms MUST NOT have an option to disable Secure Boot, in order to qualify for Windows 8 hardware certification.
Source [microsoft.com]:
Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv. A Windows Server may also disable Secure Boot
Re: (Score:2)
Unlike Intel, the market of ARM hardware does not have Microsoft as a dominant player - indeed, its market share there is minuscule. If you want to buy an ARM device that runs Linux, you've got plenty of choices, from Chromebooks to various Android tablets to dedicated GNU/Linux devices. I very much doubt that Linux kernel developers (or the community as a whole) really care that much about the ability to install Ubuntu on their Surface.
Too many X86 servers do not boot Windows (Score:2)
Too many X86 servers do not boot Windows for them to try to push that kind of lock down.
Re:Too many X86 servers do not boot Windows (Score:5, Insightful)
Too many X86 servers do not boot Windows for them to try to push that kind of lock down.
Yeah, so? Your $1,000 server motherboard will still be able to run Linux. Doesn't help the rest of us.
If you give Microsoft the power to control what software will and won't run, then they will use it, sooner or later. It's a fscking retarded idea.
Re: (Score:2)
If you give Microsoft the power to control what software will and won't run, then they will use it, sooner or later. It's a fscking retarded idea.
And how exactly would one do that? You mean every motherboard manufacturer is going to build every one of their products locked to Windows 8?
Re: (Score:2)
And how exactly would one do that? You mean every motherboard manufacturer is going to build every one of their products locked to Windows 8?
They don't need to.
Linux didn't get where it is today - where more and more non-technical people are trying it every day, where lots of people are saying "actually... this is pretty good. Shame it's terrible for X (where X is something like games) or I'd switch in a heartbeat" overnight. It was a long journey consisting of thousands of baby steps.
For much of that time, very few would even contemplate trying Linux on the desktop.
If - and while it's a big "if", I don't think it's an inconceivable one - Micros
Re: (Score:2)
Is no one else here alarmed at the unreasonable amount of power Microsoft has over the future of GNU/Linux on Secure Boot platforms?
This is one of the reasons why I'm very behind what Valve are doing now - they are pushing for OS independent systems. Yes, they have DRM. They also provide a service better than your games on disks too. I'm absolutely hoping they'll push Steam hard, and bring Linux with them.
The only reason I use Windows is for games. If there was another place I could get new, big games
Re: (Score:2)
The only reason I use Windows is for games. If there was another place I could get new, big games, I'd switch in a heartbeat.
If you're willing to give up all amateur games, you could always switch to a console.
Re: (Score:2)
It's not just about the stickers. It's about the OEM volume deals that come with the stickers. Lose the sticker, and the per-unit licensing cost shoots up by a hundred dollars or so, in an industry where the margin is less than that. As it's not practical to mass-market a machine running anything other than Windows (Imagine the return rate by uneducated users - most of them don't even know what an operating system is), that means that when MS demands something the OEMs have no option but to comply.
Re: (Score:2)
For a (near) monopoly to do that is a clear breach of EU competition law. Expect someone to realise this will solve Greece's debt problems very soon.
Re: (Score:2)
The EU already chewed Microsoft up over antitrust once.
86-DOS by SCP (Score:2)
How in the world has Microsoft, one single software firm, managed to usurp power enough to dictate to hardware manufacturers
It started in 1981, when IBM was looking for an operating system for its 8088-based IBM PC. Microsoft offered to undercut DRI's CP/M by buying the rights to the 86-DOS product from Seattle Computer Products, a company that had sold computer kits built around the Intel 8086 microprocessor, of which the 8088 was a cost-reduced variant. SCP had designed 86-DOS to allow developers of CP/M programs to make quick ports, and at the time, there wasn't much existing software for 8086 computers on which big companies
Re: (Score:2)
Re: (Score:3)
Perhaps the fear is that if the patch is not merged, Microsoft will revoke the certificates that have been used to sign mainstream GNU/Linux distributions.
Microsoft doesn't control the certificates; VeriSign does. Microsoft can't just 'revoke' certificates and stop SecureBoot from loading them; they don't control any of that.
Re: (Score:3)
Perhaps the fear is that if the patch is not merged, Microsoft will revoke the certificates that have been used to sign mainstream GNU/Linux distributions.
Microsoft doesn't control the certificates; VeriSign does. Microsoft can't just 'revoke' certificates and stop SecureBoot from loading them; they don't control any of that.
Yes they do. The bootloaders used for booting Linux are signed by Microsoft. The Linux community *could* work with vendors to have a "Linux" certificate installed in the firmware which would allow other boot-loaders to boot. But given the number of vendors that has been deemed impractical. Instead Linux distros (and Matthew Garrett) have created boot loaders/shims which are chain-loaded from Microsoft's boot-loader. As such they need a MS key.
Presumably MS has a number of restrictions on how such a boot load
Re: (Score:2)
Ubuntu on a Chromebook (Score:2)
Personally I think old Ballmer has too damned much on his plate to give a shit about Linux one way or another ATM
Then why has B-17 Ballmer's company continued to pressure manufacturers of Android smartphones, charging them as much for the use of FAT file system patents and other essential patents as it would charge for a license of Windows Phone itself?
namely "Become Apple" which he is learning
Hence the patent suits.
Have you SEEN the new Acer ChromeBook? You have an X86 CPU, hard drive, RAM, etc that are so bog standard it hurts yet is so locked down you can't even run Linux X86 on the damned thing!
To reformat an Acer Chromebook into developer mode [arstechnica.com], hold F3 and Esc while turning on the power, then press Ctrl+D.
Re: (Score:2)
Why would that start a flame war? Java and C# are basically equivalent.
Re: (Score:2)
Why would that start a flame war? Java and C# are basically equivalent.
Maybe that would exactly be the first spark. "Why the hell would you do that?!? They are basically equivalent!!" Then some passionate Java or C# coder would point out that "they are FAR from equivalent, just see how this garbage collection feature is implemented much more nicely..."
Re: (Score:2)
lm-sensors (Score:4, Funny)
My system doesn't hibernate, it passes out from exhaustion.
You could try setting up lm-sensors [tuxtweaks.com]. Or is your motherboard not supported [lm-sensors.org]?
Re: (Score:2)
You could try setting up lm-sensors [tuxtweaks.com]. Or is your motherboard not supported [lm-sensors.org]?
So that you could monitor how much pain it is in?
Step 2: Fan on demand (Score:2)
So that you could monitor how much pain it is in?
Yes, and this lets you trigger the CPU fan to turn on or speed up whenever the CPU is under stress. This way you get nice, quiet operation when the computer is running undemanding applications such as editing the low-definition version of a video, or loud operation when you're out of the room and the computer is running something similarly CPU-demanding with all cores blazing, such as applying the chosen edits and effects to the original high-definition footage.
Schroedinger's joke and what the tropers call CMTP (Score:2)
Making root not root? (Score:2)
Seriously? A patch to block root users from running kernel images? This is like how it works in Windows: applications not running as root aren't allowed to load unsigned kernel code. What's the point of making root not root?
Is he going to disable the 50 other ways in which root programs could take over the kernel, too?
Re:Making root not root? (Score:5, Informative)
Hibernation does a complete dump of the memory and thread state of the system to disk, and when the computer is later booted a well behaved loader sees the dump and restores the memory and thread states from disk.
The problem is that anyone with physical access can fuck with the memory dump in between the hibernation and the restore, thereby injecting untrusted code into the supposedly trusted environment.
But thanks for giving us your ignorant opinion.
Sign the hibernation file (Score:4, Interesting)
The problem is that anyone with physical access can fuck with the memory dump in between the hibernation and the restore
Anyone with physical access can probably reset the BIOS password and turn off secure boot. But barring that, perhaps one solution is to sign the memory dump with a key stored in the TPM.
Re:Sign the hibernation file (Score:4, Informative)
Anyone with physical access can probably reset the BIOS password and turn off secure boot.
The point of secure boot is to make possible a chain of proof attesting that everything that gets loaded into ring0 has not been modified. Clearly if you can disable the chain of proof then you can disable the chain of proof, but you cannot do so invisibly, which is the entire point of secure boot.
Re:Sign the hibernation file (Score:4, Insightful)
The point of secure boot is vendor lockin. The point of Linux is to not be locked to a vendor.
Re:Sign the hibernation file (Score:5, Insightful)
"DRM is to promote sales through reducing piracy "
No, the point of DRM is to increase profits by removing a potential threat to sales. The point of secure boot is potentially lock hardware to the operating system. The chain of proof is just a selling tactic at best but irrelevant as there are a myriad of ways to compromise a system for those with the will to do so. It's more effective as a wedge to eventually control hardware manufacture. Remember this kind of behavior wouldn't be new for Microsoft.
Re: (Score:2)
Anyone with physical access can probably reset the BIOS password and turn off secure boot.
The point of secure boot is to make possible a chain of proof attesting that everything that gets loaded into ring0 has not been modified. Clearly if you can disable the chain of proof then you can disable the chain of proof, but you cannot do so invisibly, which is the entire point of secure boot.
So, uh, wouldn't we just then perform a SHA512 hash of the dumped hibernation memory? A salted hash is good enough to detect tampering if you're not concerned about hiding the data in the dump. A loader would then perform the same salted hash of memory as it's loading it and abort if the resulting hash doesn't match the on-disk hash. Of course the same code signing chain technology Secure Boot employs can be used to sign the salt & hash to ensure the dump's integrity.
OK, here's the thing: Is ther
Re: (Score:2)
There's no need to even tamper with the boot sector because said malware can simply re-exploit the OS after it's booted up.
I think the point of secure boot is that today, once the system is rooted, you can install a hypervisor and own the system forever. Repairing the original hole does not save an already rooted system. With secure boot, if the hole is repaired, the system cannot be re-rooted, so any exploits that used that hole are now gone.
Re: (Score:2)
RTFA, for chrissake.
The reason behind disabling hibernate functionalities is that currently the Linux kernel doesn’t have the capability of verifying the resume image when returning from hibernation, which compromises the Secure Boot trust mode
The stupidity, confusion, lies and just plain FUD in every secure boot thread on Slashdot is just plain amazing.
Re: (Score:2)
Regardless of the SecureBoot issue, the loading of an unverified resume image is a security issue that should be resolved anyway...
Re: (Score:2)
No, it's really not. If you can tamper with the resume image it basically means you had physical access to the machine, or something equivalent if the machine is a VM.
Full disk encryption available on Linux via LUKS can protect the integrity of the resume image. So there is no reason, none, nada, for the kernel to have some second method to verify the integrity of the suspend to disk image.
If you are not running FDE then anytime a system has been outside of your physical control it should be assumed to be
Re: (Score:2)
Replying to my own post. Okay, there is one reason to have some secondary method. That reason would be to prevent the lawful owner of said machine who controls the disk encryption keys from altering the image. Which I don't consider to be a legitimate reason. It's my machine; I should be able to load anything into its memory I like, by any method I can make work.
Re: (Score:2)
currently the Linux kernel doesn’t have the capability of verifying the resume image when returning from hibernation
I suggested how to add such "capability of verifying":
perhaps one solution is to sign the [resume image] with a key stored in the TPM.
I'd be willing to explain this suggestion in more detail. What questions do you have?
Tourettes and Rap (Score:2)
Re: (Score:2)
Seriously? A patch to block root users from running kernel images? This is like how it works in Windows: applications not running as root aren't allowed to load unsigned kernel code. What's the point of making root not root?
Is he going to disable the 50 other ways in which root programs could take over the kernel, too?
This is the precise point of TPM - it takes away control over the computer from user/admin. "Your" computer is not yours anymore.
Good first step (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Unless you passed the entire memory image through the TPM, how are you going to accomplish this without compromising the key to the operating system?
Let's see. How about computing a hash of the memory and pass that through the TPM?
I mean, like it is *always* done when digitally signing something.
Re: (Score:2)
When you sign an image you actually just first calculate a hash of the image and then sign that hash. It is easy to send the hash to the TPM. The key does not need to exit the TPM at any point.
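The scheme sketched in the two comments above (hash the hibernation image, have a key that never leaves the TPM sign only that hash, then recompute the hash at resume and refuse to restore on a mismatch), as an added example that is not code from the thread, the kernel or any distro. Everything in it is an assumption for illustration: the header layout is constructed for this example and is not Linux's real swsusp image format, and `SimulatedTpmKey` stands in for a TPM-held key using HMAC-SHA512 rather than a real asymmetric signing command, purely to keep the block dependency-free. The sample "memory dump" is a constructed byte string.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed on-disk layout for this example (NOT the real Linux swsusp format):
#   [16-byte salt][64-byte tag over SHA-512(salt || image)][image bytes]
SALT_LEN = 16
TAG_LEN = 64
CHUNK = 4096  # hash in chunks, the way a loader reads the file


class SimulatedTpmKey:
    """Stand-in for a key sealed inside a TPM: callers hand over a digest and
    get a tag back; the secret never leaves this object. HMAC-SHA512 replaces
    a real asymmetric TPM signature here only to avoid extra dependencies."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def sign_digest(self, digest: bytes) -> bytes:
        # Only the 64-byte digest crosses into the "TPM", not the whole image.
        return hmac.new(self._secret, digest, hashlib.sha512).digest()

    def verify_digest(self, digest: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.sign_digest(digest), tag)


def image_digest(image: bytes, salt: bytes) -> bytes:
    """SHA-512 over salt || image, fed chunk by chunk."""
    h = hashlib.sha512(salt)
    for off in range(0, len(image), CHUNK):
        h.update(image[off:off + CHUNK])
    return h.digest()


def seal_image(image: bytes, key: SimulatedTpmKey, salt: Optional[bytes] = None) -> bytes:
    """Hibernate side: hash the dump, have the TPM sign the hash, write header + dump."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    tag = key.sign_digest(image_digest(image, salt))
    return salt + tag + image


def resume_image(blob: bytes, key: SimulatedTpmKey) -> bytes:
    """Resume side: recompute the hash over what is actually on disk and refuse
    to restore unless the TPM confirms the stored tag was made over that hash."""
    if len(blob) < SALT_LEN + TAG_LEN:
        raise ValueError("hibernation file truncated: header missing")
    salt = blob[:SALT_LEN]
    tag = blob[SALT_LEN:SALT_LEN + TAG_LEN]
    image = blob[SALT_LEN + TAG_LEN:]
    if not key.verify_digest(image_digest(image, salt), tag):
        raise ValueError("hibernation image failed verification; refusing to resume")
    return image


def flip_bit(blob: bytes, offset: int) -> bytes:
    """Corrupt one bit of the on-disk file so the resume check can be exercised."""
    buf = bytearray(blob)
    buf[offset] ^= 0x01
    return bytes(buf)


def _resume_rejected(blob: bytes, key: SimulatedTpmKey) -> bool:
    try:
        resume_image(blob, key)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Seal a constructed dump, then show what resume accepts and rejects."""
    key = SimulatedTpmKey(b"constructed example secret, not a real TPM key")
    image = bytes(range(256)) * 40  # constructed stand-in for a memory dump
    blob = seal_image(image, key)
    return {
        "restores_intact": resume_image(blob, key) == image,
        # one bit of the dump changed on disk
        "detects_tampered_image": _resume_rejected(flip_bit(blob, len(blob) - 1), key),
        # one bit of the stored tag changed on disk
        "detects_tampered_tag": _resume_rejected(flip_bit(blob, SALT_LEN), key),
        # a file sealed by some other key (e.g. another machine's TPM)
        "rejects_other_key": _resume_rejected(blob, SimulatedTpmKey(b"some other key")),
    }


if __name__ == "__main__":
    print(demo())
```

Two points the code makes concrete: the key material is only ever applied to a 64-byte digest, so the "pass the whole image through the TPM" worry from the earlier comment does not arise; and the salt from the comment's sketch is kept but adds nothing once the digest itself is signed, since an attacker who can rewrite the image can rewrite the salt too. What actually stops the rewrite is that the tag cannot be recomputed without the sealed key.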
Fuck Secure Boot (Score:5, Insightful)
It's my goddamn computer, my goddamn hardware, and it's MINE. I will run any fucking operating system I goddamn well please on it, and if Microsoft doesn't like that, they can FUCK THEMSELVES right in the GODDAMN EAR.
Re:Fuck Secure Boot (Score:5, Insightful)
Why the downmods? Yeah, maybe the AC was just trolling, but his overall point I actually agree with. If anything, it should've been modded +1 "Funny" for the "fuck themselves in the god damn ear" part.
Re: (Score:2)
Or it could be that you're just a conspiracy theorist.
Re: (Score:2)
It's my goddamn computer, my goddamn hardware, and it's MINE. I will run any fucking operating system I goddamn well please on it, and if Microsoft doesn't like that, they can FUCK THEMSELVES right in the GODDAMN EAR.
Or you can just disable it...
Re:Fuck Secure Boot (Score:4, Funny)
It's my goddamn computer, my goddamn hardware, and it's MINE. I will run any fucking operating system I goddamn well please on it, and if Microsoft doesn't like that, they can FUCK THEMSELVES right in the GODDAMN EAR.
Or you can just disable it...
What, and miss the chance of seeing Ballmer fuck himself in the goddam ear?
Shyeah....
Re: (Score:3)
It's only yours if you buy it. I suggest not buying hardware with Secure Boot, if it bothers you so much. But then, all x86 hardware with Secure Boot is required to have the option to disable that feature. So, you could take that route, too.
Re: (Score:2)
I hadn't heard of Microsoft's involvement at all until the article on Slashdot that they were starting to mandate UEFI Secure Boot.
As far as I know, that UEFI standard is older than their involvement. Older still is repeated calls in the security research community for some kind of signed boot process to enable a ground-up signed system. The major motivations for which were to create more reliable antimalware and to do remote attestation. (More reliable antimalware meaning anitmalware that can prove that ev
Re: (Score:2)
"Microsoft actually does something evil."
Microsoft already has on numerous occasions, one more is dust in the wind right? As for UEFI Microsoft's involvement has been going on a long time. And who said secure boot had to be default, guess, Microsoft. It could be off and set to on by users, you know the ones who should have control since they're paying for it.
Conceptually.. (Score:5, Interesting)
Re:Conceptually.. (Score:5, Insightful)
The kernel can execute ring 0 instructions. Your initrd can't. The difference is that you could construct an appropriately modified hibernation image that booted an arbitrary kernel - or even an entirely separate OS. In that scenario, your kernel is effectively a new bootloader, except unlike the signed bootloaders it'll happily boot an entirely unsigned OS. That's unlikely to end well.
But, conceptually, you're right. Secure Boot doesn't magically make a system secure, but it *is* a vital part of system security - if you can't trust your kernel, any other security you attempt to build is pretty much pointless.
Re: (Score:2)
If it were an anti-piracy measure then there wouldn't be a requirement for you to be able to disable it.
Re: (Score:2)
"If it were an anti-piracy measure then there wouldn't be a requirement for you to be able to disable it."
Yes there is a Microsoft reason to turn it off. Backwards compatibility with older OSes and applications. That and a possible negative response from the DOJ and especially the EU. Of course, a large backlash by the tech public couldn't be ruled out either.
Re: (Score:2)
Disabling secure boot means you can easily lie to the OS about whether or not secure boot is enabled.
Re: (Score:2)
> real-world Linux installation (where the mere presence of "root" nullifies any advantage of "secure boot").
You haven't had the misfortune of experiencing Linux on non-x86/AMD64 platforms, I see. Out in the ARM hinterlands, things aren't nearly as friendly. TI, in particular, has some UNBELIEVABLY nasty features baked into their SoC (used by Motorola for Android phones, among other things) that allow the manufacturer to dictate what memory, flash, and i/o ports you can read or modify based upon where th
Re: (Score:2)
Re: (Score:2)
Better question: Wouldn't Microsoft Windows have exactly the same hibernation-resume problem?
Re: (Score:2)
Mac os x will run fine on Apple machines!
The problem isn't with the hibernation (Score:3)
Secureboot is the problem and disabling it(or getting rid of the device for a freer one) is the solution.
Re: (Score:2)
Unfortunately, if you have a Windows 8/RT ARM-based system, disabling Secure Boot cannot be done... so that's not always a solution. Just when we finally get ARM systems useful as general purpose computers to replace x86 instead of being limited to using ARM in pathetic special-purpose systems like routers and cell phones, Microsoft swoops down and fucks everything up. As usual, Microsoft is here using their abusive powers to wreck the day.
All this bullshit and we still have problems (Score:2)
Re: (Score:2)
Secure boot isn't. There is no point in hacking our way into Secure boot because it isn't secure, period. There is always a way around every security design
Right. Why do we bother with security in the first place? Let's just disable security features on every system because they will be circumvented anyway. What an absurd argument.
and hobbling the industry with a proprietary technology isn't going to help anyone but incumbent large players.
Secure Boot isn't proprietary. It is specified by UEFI where several of the Linux distros have been represented. Not that you'd know from the hyperbole by some of them, MJG included.
Secure Boot is nothing more than an attempt by Microsoft and other entrenched players to exclude smaller companies. The only secure idea at Microsoft is Linux!
Personally I'd like my bank, my government, the military, the SSL issuers to set up their systems so that they'll know if their systems (on which I depe
Re: (Score:2)
The issue these patches are addressing though has nothing to do with security from the perspective of the machine's owner.
I agree a BIOS that only executes a signed boot loader and a boot loader that only executes a signed kernel image *could* be valuable tools to enable an operator to validate the machine has not been compromised. As the machine's owner though *I*, not anyone else unless I so designate, should have the ability and possess the sole authority to sign boot loaders and kernels.
There is no legiti
It doesn't matter... (Score:2)
... because hibernate is pointless and never reliably works anyway. Set everything to autosave and get a distro that boots up quickly.
Re: (Score:2)
"Set everything to autosave and get a distro that boots up quickly."
And use SSD drives in your machine. If you still have a problem, switch to decaf.
Re: (Score:2)
"Whatever application you had open is still open in the exact same state, and that's practical."
Funny, X11 used to have this thing called session management. I wonder where that went?
SecureBoot is a modern version of vendor lockin (Score:4, Informative)
SecureBoot is nothing more than a modern kind of vendor lock-in, so why support it at all? Haven't the FSS and OSS communities by now gained enough leverage on their own to stimulate the development of software in the direction it should go, namely that essential software, like an OS, a BIOS or a piece of firmware, should be free (in the FSS sense) for use by anyone?
By accepting and even supporting suspicious software and business models such as SecureBoot, aren't the FSS and OSS communities more or less digging their own graves because Microsoft - who admittedly has changed a lot for the better the last few years - owns the very keys their software relies on for proper functioning?
Pick one that is important to you... (Score:2)
Re: (Score:2, Insightful)
No, "Secure" Boot is overrated. Very few people have any need for it; mostly a tool for corporate entities to strong-arm others in to complying with their every whim.
Re: (Score:2)
No one but Microsoft has any need for it. For starters, it doesn't serve its advertised purpose -- if it did, we'd see drivers getting blacklisted for ring 0 holes left and right, and I'm not aware of Microsoft blacklisting a single one. So it's not about preventing those eevil haxors from haxoring your machine. What is it for, then? Making sure competition to Windows never goes mainstream.
Re: (Score:2)
At least he didn't call it $ecure Boot.
Re: (Score:2)
Because presumably Windows verifies the kernel image as it's loading hiberfil.sys into memory. Did you not even read the summary?
The leap that TFS needs you to make is that with an unverified hibernation image you can simply remove the disk, overwrite it with an unsigned and modified kernel image and then have the hibernation process load it into memory for you from the trusted boot chain.
Re: (Score:3)
Re: (Score:2)
The practical answer to that concern would be why is the kernel so damn special.
You can argue that a particular OS is sloppy in its userland security, but it's a bit odd to argue that the kernel isn't worthy of being protected because of that sloppy userland security.
Re:Why?? (Score:4, Insightful)
No, I think he's straight on. Secure boot stems from a broken threat model: that kernel access is extremely important. I know about userspace security, but the kernel already secures userspace without secure boot and proper privilege separation secures the kernel. Secure boot is a way of securing the system from root, which is futile (look at SELinux, for example).
This is primarily a technology for vendor lock-in. Always has been, always will be.
Re: (Score:2)
"They suspected that the attackers somehow compromised the system of one of the users and used his access to the systems."
I heard something about the lazy idiot between the screen and the chair. Secure boot doesn't and can't fix stupid.
So when a system is compromised for most of a month, potentially putting users who download binaries at risk and certainly putting them at risk of being served malware cocktails, you are ok with the admins not discovering it because you blame the user whose account was compromised?
How about blaming Linux security for attackers being able to root multiple systems from a user account.
And do you feel comfortable that just because you can blame a user it is ok that the admins did not notice anything was wrong be
Re: (Score:2)
Because the kernel has complete control. Sure you can compromise ssh/init, but those are userland processes and any other userland process can verify those images are what they should be.
But
Re: (Score:2)
Your comments about kernel control and security are spot on. I don't get the "we already got enough security" argument at all. It's like the mantra that Linux somehow is inherently the most secure OS imaginable has gotten the best of some of the community and they actually started believing that there's nothing more to do.
Sure, it was invented by Microsoft, and Microsoft (on x86) enforces the user's ability to do an untrusted boot.
Not sure it was invented by Microsoft. It was specified by UEFI and certainly *pushed* by Microsoft. Parts of the Linux community in an effort to paint everything MS does as inherently bad
because linux has always run on shit hardware (Score:2)
It was the same issue with 'winmodems' back in the 90s. Yeah it's shit, yeah it's stupid, but it's what's on sale at Best Buy and what teenagers have when they go to college and learn what "GCC" is.
Re: (Score:2)
"vendors who don't/won't produce "label-compliant" products are less likely to receive "marketing assistance" payments from Microsoft."
Just call it bribes and be done with it. Or maybe even kickbacks, etc.
Re: (Score:2)
Re: (Score:2)
How about the ability of an OS to use all Windows-compatible software, and the ability to get the computer without OS as cheaply and conveniently as one with Windows?
For many Windows-compatible products, I can do as well or better on Linux (one example: the kernel). For many, there is no satisfactory FLOSS equivalent. This is particularly true of a lot of niche products, which can be crucial to many businesses. Also, many people need something Microsoft-Office-compatible, and there is no such thing.
Re: (Score:2)
Re: (Score:2)