Skip to content

Top New Best Ask Show Jobs

Safeboot: Booting Linux Safely (opens in new tab)

(safeboot.dev)

197 pointsthudson5y ago54 comments

Safeboot: Booting Linux Safely | Better HN

54 comments

balnaphone5y ago

I really like the philosophical approach here, even if it's too finicky to put in practice today. I'm really sick of everything being made "secure", when in fact the "security" is for someone other than the legitimate user of the thing. Phones, laptops, physical security systems, cars, the list goes on.

There was a post here yesterday (https://news.ycombinator.com/item?id=23149771) about the (in)security of Linux, but the primary purpose of an OS is utility, not merely security. The leadership of the Linux project made very smart analyses of what priorities come first. Despite there being billions of insecure old devices scattered about, running old kernels, I think the kernel authors made the right call.

The problem rests with the manufacturers who abandoned support for those devices and left no escape route for users to update the kernels themselves. Most disgusting are these phone and car manufacturers, and apps, which have enabled wholesale spying on users for many years now. These devices are literal bugs, reporting realtime locations, conversations, and who knows what else to Big Brother.

Its a pleasure to see that some people still care enough to make the world a better place, in a way I can understand.

x3blah5y ago

"I'm really sick of everything being made "secure", when in fact the "security" is for someone other than the legitimate user of the thing."

There must have been some groundswell movement amongst users all demanding that the boot process be made more "secure". There must have been well-publicised cases where "bad guys" were hijacking the boot process.

Perhaps different people have different definitions of "secure". If some third party, including the seller, has control over access to the computer or what I can run or disable on it after I purchase it, then I do not consider that computer to be more "secure". I just consider it to be less useful and less trustworthy to use with any personal data.

matheusmoreira5y ago

> There must have been some groundswell movement amongst users all demanding that the boot process be made more "secure".

There wasn't. Users want security in general but most people would not even realize it if a boot process was insecure nor would they understand the implications.

> There must have been well-publicised cases where "bad guys" were hijacking the boot process.

Yes. The "bad" guys are the people running "unauthorized" software on computer hardware. Governments and corporations would very much like to restrict what users can and can't do. Widespread cryptography is viewed as an existential threat to law enforcement and intelligence gathering. Companies enjoy owning their users and being in a monopoly position with regards to the software market for their devices. So we get systems which control the user instead of systems controlled by the user.

> I'm really sick of everything being made "secure", when in fact the "security" is for someone other than the legitimate user of the thing.

It's less binary than that for me. Yes, the same technologies that keep my data secure also act as a buttress against jailbreaking. But people who want to jailbreak can simply choose less-secure devices, while I would personally not trade that security for greater hackability. There are other, lower-risk devices than phones and cars that I can use for that.

alias_neo5y ago

I don't see the need for a trade; SIP for example is an Android feature (I'm surmounting your "less-secure" to "Android"); why can they not support replacing the manufacturer keys, just like my UEFI laptop, so that I can modify my OS, build a custom kernel, sign everything and relock the bootloader?

I think we know the answer, and that is; the attitude towards things like mobile phones being different to that of a laptop; we don't really "own" or phones in the same sense and if shouldn't be that way.

ryukafalz5y ago

IMO the industry has made this into a false dichotomy. I want both security and hackability, and I don’t believe for a second that wanting better security means we should have to give up control of our devices.

balnaphone5y ago

Apparently your threat model doesn't include governments and large corporations, who have done more enumerable harm (e.g. through the military-industrial-information complex) to people than small-time crooks ever have. Sometimes it seems more people want to live in prison (or a gilded cage), than in regular civilian life with all its attendant dangerous freedoms.

The point of the OP is that users can and deserve to have the reliability that cryptographically-secure boot systems provide, without the Big Brother backdoor.

Slightly unrelated:

I currently have a custom platform key, packet everything I need for booting into a single image (signed with the custom platform key) and everything else is in a fully encrypted partition (lvm2 on dmcrypt). "Decryption key" is inserted via keyboard on boot, which is not to everyone's liking but is what I want.

It's not really hard to setup (on arch Linux) and works like a charm. ;-)

Through the drawback is that the initRamFs is only protected by the signature/secure boot but not encrypted and combining it with some other boot related setup can be less straight forward then under a "boring" setup.

I.e. some of the thinks this project promises are already possible now, just not streamlined. Which is why it's nice to have such a project.

thudsonOP5y ago

That was exactly my motivation: there are tons of guides for setting up UEFI SecureBoot platform keys, yubikey tokens, TPM disk encryption, dmverity, etc, but all of them seemed to involve "type hundreds of commands with no mistakes and hope that your system still boots afterwards". It felt to me that each program represented a low-level library function that needed to be linked into a high-level tool to handle the common cases for most users.

Regarding /boot being in the clear -- the initramfs and kernel shouldn't contain any secrets, so having them unencrypted isn't a big drawback. Signed is much more important so that an adversary with write access to the disk can't swap out the kernel.

One advantage to using the TPM for unsealing the disk encryption key is that it helps protect against attacks that re-write the firmware. If an adversary can reflash the platform key (via either a local SPI flash programmer or some code execution that gives them write access to the NVRAM region of the flash), then you can't tell that the PK has been changed and that the kernel to which you are inputting the password is no longer trustworthy. Since the secret is sealed with (among other things) the hash of the UEFI SecureBoot configuration, the TPM will not unseal it if the PK, KEK or db are changed.

If you want to take it to another level, TPM TOTP can be used to validate that the password dialog is even valid before you type in the password. I think we can integrate that fairly easily into the initramfs for the next version of safeboot.

ohazi5y ago

There's a way to encrypt the boot partition and have GRUB ask you for the boot partition key, but you're limited to LUKS1, and the decryption process is slow as molasses, since it's implemented inefficiency directly in the GRUB code, because the Kernel's faster code isn't loaded yet. It's also probably full of side channel leaks. Signing the kernel and ramdisk is probably the better option...

What's your defence against an attacker with a few hours of physical access meddling with whatever comes before you typing the decryption key, such that you're actually typing your key into a program controlled by them, which then decrypts your filesystem image, inserts its own malicious code into some irrelevant kernel module, then boots the system as normal?

andrewnicolalde5y ago

What's the disadvantage of not encrypting your initramfs if it's protected by a signature?

greendave5y ago

> fTPM tampering is out of scope since the ME is the root of all trust in the system

I'm wondering about this assumption. Hasn't the ME previously been shown to be fairly straightforward to exploit?

I think they refer more to the "technical" term "root of trust" then to weather or not persons trust it/it has had security vulnerabilities.

als05y ago

As long as there is choice (e.g. between fTPM and dTPM) then it's up to the eye of the beholder to pick appropriately. An fTPM is better than nothing, but discrete TPMs have certifications.

shawnz5y ago

ME has had exploits, but it has also had patches.

seanhunter5y ago

If you're interested in this kind of thing, Invisible Things Lab are really worth checking out https://theinvisiblethings.blogspot.com/2009/10/evil-maid-go...

tenebrisalietum5y ago

So what about this:

- Copy GRUB, bootlines for your system, your kernel and initrd to a WORM media like a bootable CD-ROM.

- Boot using CD-ROM.

- When boot completes, remove the CD-ROM.

Now you can't attack my boot kernel or boot process because I've just physically separated it from the system and taken it with me. Even if it was there, the media is read only so you can't modify it.

If I need to upgrade, I need to burn a new CD. CDs are cheap.

Using actual CDs would be impractical for many users, but a parallel could be implemented on a system with micro-SD card readers supporting removeable media and a physical read/write or connection switch. Which, if we're talking about physical switches for camera and mic, why not boot files?

jaclaz5y ago

Hmmm.

This implies that you have set your boot order to CD-ROM first, so anyone can - say - boot their own system on your machine from CD and either access your data or make a dd-copy of your disk and look at it later.

You need also to password protect your BIOS so that first device in boot order is hard disk and settings cannot be changed (without BIOS password).

Depending on the BIOS this change in booting order could be possible at boot time (providing the password) or a reboot would be needed.

Avamander5y ago

> You need also to password protect your BIOS so that first device in boot order is hard disk and settings cannot be changed (without BIOS password).

You also have to make sure your BIOS can't be reset by removing the battery, doesn't have some administrative bypass or even a reset jumper. I've even seen a BIOS that reset to default boot settings when you remove all disks - and then gleefully boots from any attached USB disk.

I’m guessing this setup makes sense with encrypted disk, that way, since decryption keys are on the CD, you can’t access the files without it.

Endlessly5y ago

My understanding is MicroSD “hardware” switch triggers a software based switch that not enforced by the hardware; that is, it is not designed security.

Even a “read only” CD-ROM if not verified on boot for tampering — might contain an attack, including: to just disable the disk from booting, among other things.

This actually sounds like good actionable advice for a semi-technical person like a journalist.

Still leaves you vulnerable to bios compromise (e.g. get some malware running in SMM before your kernel), but that can be addressed by soldering the bios WP pin low and dropping some epoxy over the laptop case screws.

Edit: There are some SPI chips that have a write protect fuse that you can blow, leaving your bios in a known-good state. [1] pdf page 7.

[1] https://cloud.3mdeb.com/index.php/s/PBfAzZZQYcj3xbs

shawnz5y ago

Does anyone know if anything similar is possible with Windows? I am interested in the idea of signing the bootloader with your own keys to prevent other system images from being used on the system. It seems like such a system would provide much better anti-theft guarantees than existing solutions like CompuTrace/Lojack.

jimbobimbo5y ago

Isn't that what Bitlocker and Secure Boot do essentially?

https://docs.microsoft.com/en-us/windows-hardware/design/dev...

shawnz5y ago

In its typical configuration, Secure Boot can't provide any anti-theft guarantees because an attacker could just replace the contents of the disk with a new Windows installation and the workstation would be usable for them.

Secure Boot as it is configured by Windows only prevents malware from inserting itself into the boot process, since all Windows installations use the same signature. Bitlocker only prevents attackers from accessing the data on the disk, not from using the workstation in general.

ghostpepper5y ago

I had originally hoped to enroll signing keys in the firmware of my X1 carbon until I read this post[1] on reddit claiming it has the potential to brick the laptop, and so far I haven't found an official statement from Lenovo claiming otherwise.

[1] https://www.reddit.com/r/thinkpad/comments/epadb5/psa_dont_i...

pram5y ago

Sounds like what the T2 chip does on MacOS, which I also found interesting:

https://duo.com/labs/research/secure-boot-in-the-era-of-the-...

cachestash5y ago

Anyone interested in this might like keylime.dev - its open source remote boot attestation platform.

temptemptemp1115y ago

If every Linux user would boycott AMD to release their source, then we could have libreboot: https://libreboot.org/amd-libre.html

ME vs PSP isn't much of a choice. Of course POWER might be an option eventually, but isn't for most of us currently.

dmos625y ago

Or, instead of boycotting, work towards sensible laws for obliging software/hardware providers to provide sources.

Boycott AMD, and obviously Intel [0]. Doesn’t really leave a lot of options.

[0] https://libreboot.org/faq.html#intel

exrook5y ago

Well there is POWER[0], not that it's a very affordable choice, the cheapest motherboard + cpu costing $1,732.07

[0]https://www.raptorcs.com/content/BK1B01/intro.html

But if they release everything libreboot want's wouldn't that potentially undermine DRM (e.g. webdrm pluging as used by netflix)?

I mean I'm not a fan of DRM but then undermining it might cause browsers on Ryzen to no longer be able to run Netflix and similar.

While I guess many people on this site wouldn't care too much it's not profitable for AMD.

But then there should be a way to have both. The case which don't need/want DRM and can have a complete libre system and the case which needs DRM for whatever reason and sadly can't go libre.

als05y ago

POWER has Ultravisor.

freedomben5y ago

It looks like that stuff was hot 3 years ago. Is there a newer (more likely to pay off) push? I'd happily tell AMD that I'm in the market for an expensive new system and I'd instantly go with Ryzen if it were open. As it stands now I'm leaning Intel because it's the devil I know.

yjftsjthsd-h5y ago

I don't understand. Intel has ME, AMD has PSP, neither makes any particular effort to support libreboot (although I'm pretty sure coreboot can work with both if the manufacturer wants, because Chromebooks do that). Unless you believe that Intel is more open, why would you prefer it? It appears to me that they're equally security-unfriendly, but with AMD at least winning on price and performance.

j / k navigate · click thread line to collapse