Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Open Source Security Linux

Torvalds Opposes Tying UEFI Secure Boot to Kernel Lockdown Mode (phoronix.com) 69

An anonymous reader quotes Phoronix: The kernel lockdown feature further restricts access to the kernel by user-space with what can be accessed or modified... Pairing that with UEFI SecureBoot unconditionally is meeting some resistance by Linus Torvalds. The goal of kernel lockdown, which Linus Torvalds doesn't have a problem with at all, comes down to "prevent both direct and indirect access to a running kernel image, attempting to protect against unauthorised modification of the kernel image and to prevent access to security and cryptographic data located in kernel memory, whilst still permitting driver modules to be loaded." But what has the Linux kernel creator upset with are developers trying to pair this unconditionally with UEFI SecureBoot. Linus describes Secure Boot as being "pushed in your face by people with an agenda." But his real problem is that Secure Boot would then imply Kernel Lockdown mode... "Tying these things magically together IS A BAD IDEA."
This discussion has been archived. No new comments can be posted.

Torvalds Opposes Tying UEFI Secure Boot to Kernel Lockdown Mode

Comments Filter:
  • Essentially (Score:5, Insightful)

    by 110010001000 ( 697113 ) on Saturday April 07, 2018 @05:11PM (#56399089) Homepage Journal
    Essentially what the corporations want is for people to only user the Internet via locked down ("approved" or "secure" devices). These devices will only have cloud based storage available and everything will be streamed from servers and the consumer will only need to pay a monthly fee for all this goodness. If you don't think this will happen, think of the children, or the terrorists, or the terrorist children, or security, or whatever the problem is this week.
    • by Anonymous Coward

      So, Chromebooks.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      If you don't think this will happen, think of the children, or the terrorists, or the terrorist children, or security, or whatever the problem is this week.

      It's sexism. We need to lock down computers to prevent sexism. #MeToo

      • Re: Essentially (Score:2, Insightful)

        by Anonymous Coward

        Racism, too. And to prevent the wrong candidate from winning an election.

    • "If you don't think this will happen, think of the children, or the terrorists, or the terrorist children, or security, or whatever the problem is this week."

      Bedbugs!! We need secure boot welded to Kernel Lockdown in order to fight the bedbug epidemic. (I'll also help fight global warming, prevent asteroid strikes, discourage illegal immigrants from voting, and save the skeets)

    • Essentially what the corporations want is for people to only user the Internet via locked down ("approved" or "secure" devices). These devices will only have cloud based storage available and everything will be streamed from servers and the consumer will only need to pay a monthly fee for all this goodness. If you don't think this will happen, think of the children, or the terrorists, or the terrorist children, or security, or whatever the problem is this week.

      Actually UEFI boot is just an encrypted boot loader. It is a feature if you put the tinfoil hat away as you can add your own keys. My Asus board offers this and it is GREAT FOR SERVERS. Many companies sign their RedHat Enterprise with UEFI and customer keys to prevent rootkits.

      It is not a kernel level anything. For a phone that is truly locked down you would need an encrypted CPU where if the assembly code isn't signed it will refuse to run on some DRM nightmare. But the bootloader doesn't go that far at al

      • Re: Essentially (Score:5, Informative)

        by peppepz ( 1311345 ) on Sunday April 08, 2018 @12:58AM (#56400365)
        UEFI secure boot and Microsoft-mandated secure boot are two different things.
        Microsoft took the secure boot specification, which is neutral, and added their own requirements, which aren't. They mandated themselves to have literally as much power as possible, while at the same time leaving to the user as little power to take back ownership of their own machine as it was possible without the world accusing them of taking over the PC market.
      • Re:Essentially (Score:5, Informative)

        by Jane Q. Public ( 1010737 ) on Sunday April 08, 2018 @02:33AM (#56400505)
        It's only "great" if you use that company's EFI support for that particular operating system.

        Otherwise, it's a major pain in the ass, and can even block you form installing the OS you may want to use.

        Microsoft has been the biggest pusher of this scheme, because it did not want people to be able to dual-boot. They called it a "security" measure, but in fact my system is a hell of a lot more secure if I install MacOS and run Windows in a "bootcamp" or VM.

        It's ALL ABOUT corporate lock-in, and not about security at all. Just as HDMI was/is.
        • Most x86 boards let you set up the KEK (key exhange key, or platform key) or disable it entirely. Really it's the only way to prevent certain types or persistent attacks, attacks which become much easier when you have a standardized modular firmware.

          HDMI is a great standard, it's DVI with a sound and remote channel thrown in. HDCP sucks, and like all DRM is better off outright boycotted and broken.

        • by jbo5112 ( 154963 )

          macOS has more CVE findings released that Windows 10 [cvedetails.com]. Why would using macOS as a base be more secure?

      • Read the article. Lockdown is a kernel mechanism to make even root can't read to write to Ring 0, helping to keep disk encryption keys safe even from root access attacks, protecting bootloader configuration, and some sorts of code injection.

    • by epyT-R ( 613989 )

      Not just corporations. Your friendly local 'globalhood' government wants it too.

    • This trending economic model (or business model, which is unfortunately starting to mean the same) of forever renting goods leads to the abolition of private property, at least for the masses. Kind of funny that what looks like the the new epitome of capitalism so strangely resembles communism. What's your take on this?
      • Using tons of evidence Thomas Piketty points out in his book Capital in the Twenty-First Century [wikipedia.org] that capital will naturally always grow at a higher rate than the rate of economic growth (read: wages).

        From Wkipedia: "The book's central thesis is that when the rate of return on capital (r) is greater than the rate of economic growth (g) over the long term, the result is concentration of wealth, and this unequal distribution of wealth causes social and economic instability."

        The rentier capitalist state

    • Re:Essentially (Score:4, Interesting)

      by rtkluttz ( 244325 ) on Sunday April 08, 2018 @12:39PM (#56402355) Homepage

      Malware. Any system that treats the owner of the device as the problem is malware. I'm all for secure boot as long as the owner of the device decides what to tag as secure and has complete control over the encryption and lockdowns.

    • by stooo ( 2202012 )

      Here's the basic explanation :
      https://lkml.org/lkml/2018/4/3... [lkml.org]

  • by Anonymous Coward

    What does any of this mean?

    • by Monster_user ( 5075027 ) on Saturday April 07, 2018 @05:49PM (#56399227)
      Kernel Lockdown protects the kernel.

      Secure Boot protects against malware and malicious hardware, as well as teenagers with Linux on USB thumb drives bypassing security altogether.

      Together they are supposed to make it impossible to bypass or break the core things, which is supposed to make a computer more secure.

      Of course adding security breaks things. Such as open source drivers for hardware for which drivers do not exist. Which means that those needing exemptions to the security will lose both, not just one or the other. Reducing security overall.
      • by raymorris ( 2726007 ) on Saturday April 07, 2018 @09:23PM (#56399883) Journal

        First, kernel lockdown in no way restricts which drivers you might have running. If you want to *change* which drivers you have running without rebooting, you'll need to *sign* the new module. Absolutely nothing prevents you from signing an open-source module. The command is:

        scripts/sign-file sha512 kernel-signkey.priv kernel-signkey.x509 module.ko
        (Or just set check the box to sign all modules in make menuconfig).

        Sign-file signatures work for both secure boot and the kernel restriction. For the kernel, the first time you ever sign a module you enroll your public key with keyctl.

        • by Junta ( 36770 )

          Of course, this can't play well with akmods/dkms and still be secure, since for that to work you'd need the signing key easily available. So you will have to take a more tedious approach for out-of-distro drivers than before.

          • The key only needs to be available while installing a new kernel (not all the time), and only on one system in your organization.

            Without the protection:
            At any time, any system on your network can have kernel-level code changed, from userspace.

            With the protection:
            Before you deploy a new kernel across your network, plug your USB stick with key into your build system in order to allow dkms to build and sign the module. Then unplug the stick so that your kernel can't be changed without you doing it.

            It gives you

            • by Junta ( 36770 )

              The point is that DKMS/akmod type packages make out-of-tree drivers auto-handle updates, and any system can just be applying updates from vendor with no effort required to stage it, on each server.

              Here, you must vet every single kernel update and prepare your matching kmods prior to letting systems apply the fix.

              I didn't say you couldn't build your kernel as you describe, just that deploying akmods/dkms type driver packages to your systems becomes a non viable approach, and that a more tedious approach (as

      • by Junta ( 36770 ) on Saturday April 07, 2018 @09:25PM (#56399893)

        Secure Boot protects against malware and malicious hardware, as well as teenagers with Linux on USB thumb drives bypassing security altogether.

        Actually, it does none of that. This is one of my peeves with secureboot, it is annoying *and* largely ineffectual.

        On malware, yes, it would protect against a certain class of malware: boot sector virus. But then again, a subset. Sure you can't be a kernel, and that does hypothetically give the OS creators a foundation to have some layer that is intact. What if your malware is a patched gdm, sshd, pam, or agetty? Yeah, those would be fine. Windows still has plenty of malware despite being 'Secureboot'. What about replacing /etc/shadow in linux or the SAM db in Windows? Sure, that is also fair game, go ahead and insert your backdoor account with admin privilege.

        On malicious hardware, it doesn't do anything, though related technologies can cause UEFI drivers to not execute if not signed. The OS asks the platform if it is secureboot enabled and takes the answer at face value (there's no secure mechanism to vlaidate that the platform isn't lying to you).

        As far as Linux or Windows PE on USB thumb drives, again it doesn nothing. A windows or linux install disk can also be a 'rescue' disk. For that matter, secureboot covers neither the initramfs nor the wim file, so make your own privileged install media, it's all good as far as secureboot is concerned. You don't need a custom kernel to make a boot disk.

        With that, what are the protections against the general class of replacement hardware/boot configuration/boot media?

        Well, the weakest is a BIOS/UEFI/bootloader passwords, which in theory mitigates the chances someone can select their bootable media. In BIOS systems, it is common for USB disk to boot preferentially, so this might not pan out. The typical UEFI boot setup on the otherhand is a bit more specific by usually having a single boot item and that boot item being the machine specific boot partiion GUID and file. However even then I suspect you could probably discern the boot volume guid as non-admin user, and I don't know what UEFI will do if you have removable media with the same GUID as the boot volume. Also, none of this does a damn thing if the attacker could remove the boot media and mess with it offline.

        So now we have SED/BitLocker/dm-crypt soultions, which are more hardened. However, by themselves these make automatic reboots impossible, and are thus highly annoying. For another, the keyphrase prompt can be emulated and phished if an attacker has two cracks at your system (one to install a fake prompt using a valid kernel, another to go and glean the captured secret.

        At last we come to the most relevant security approach: Trusted Boot. Here you use SED/BitLocker/dm-crypt as above, but rather than prompting for password, you seal the key to TPM PCRs. This allows the system to boot and unlock automatically, but only if the user didn't do anything different (like boot form a different device, or enter f1 setup, or replaced the motherboard). Again at least one potential hole is whether you can spoof a GUID to trick the platform to boot with the same PCR state. another limitation is that generally you have a backup password, and a user could assume if they see the prompt, something innocuous went wrong rather than malicious (e.g. I had a device that went in for warranty repair, and the PCR state was lost forever and so I had to take it on faith the repair center nor the mail system did anything to phish the recovery prompt).

        • by Junta ( 36770 )

          Actually, I recall that time I held back my boot volume, so I knew they couldn't have modified it. I am trusting that the TPM is acting as advertised, but at some level that becomes unavoidable.

        • Sure, that is also fair game, go ahead and insert your backdoor account with admin privilege.

          How? That would require access to the system itself. The point of secure boot is to close of a previously unclosable vector. It was never meant to protected against any changes to the OS itself, just the changes that can happen and persist outside of the OS.

          Just because it only targets boot sector based malware doesn't make it ineffectual. Quite the opposite actually since this was a malware vector which was previously effectively not protected against.

          • by Junta ( 36770 )

            How would they get a kernel-level virus onto the boot sector/partition? If a user has some method that would let them modify the boot volume, they have a way to modify passwd/shadow/SAM. Either the enduser runs something as admin (which admittedly full disk encryption would do nothing to stop) or an offline attack is required with or without secureboot (which full disk encryption can stop).

            My point is it only works against a subset of boot sector virus: ones that run a modified kernel or stage before the

            • If a user has some method that would let them modify the boot volume, they have a way to modify passwd/shadow/SAM.

              Not at all, we invented something called disk encryption which for obvious reasons either doesn't apply to the boot sector, or (and the brute force method) needs to be applied before the BIOS finishes it's job, and that is outside of the OS control and therefore not as common as managed processes such as those applied by the OS.

              The other problem I have is that SecureBoot, practically speaking, makes MS the gatekeeper to the PC platform.

              Yes now that IS a legitimate concern.

              • by Junta ( 36770 )

                Not at all, we invented something called disk encryption

                Which I went into, at length. Admittedly, I'm unsure if there is a TPM PCR mutated by the cryptographic hashes of EFI executables, but such a mechanism would allow arbitrary efi to execute, but mutate the PCRs to prevent disk encryption key from being unlocked if altered. In this way, a relatively simple shim.efi (the same sort that enables secureboot without having to get updates signed endlessly) could be responsible for both ensuring PCR validty to get a volume key, and then subsequently verify subsque

  • by Anonymous Coward

    How stupid can this be? You put everything on ROM. No time wasted 'loading' this and that. Who thought that shit up to begin with? A computer should always be in a ready to run state, just apply power.

  • Well now Microsoft is investing more and more into open source and putting out linux updates like a champ, we might say they really care about what will happen. In this regard I can suggest the outcome that if L.T. does not bend (and he usually does not) they might even fork to ensure they have their version of linux the way they want it.

    • by JustNiz ( 692889 )

      > we might say they really care about what will happen.

      We might. Or we might say this is just yet another variant of embrace,extend,extinguish.that's been Microsoft's core strategy since MSDOS.

      > they might even fork
      That would be the dumbest idea ever because no-one with an actual clue would take their fork as seriously as the "real" Linux, but nothing would surprise me when dealing with Microsoft or the clueless management types that keep buying/deploying their products.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...