Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

From: James Bottomley
Date: Tue Nov 14 2017 - 17:15:12 EST

Next message: Andrei Vagin: "Re: [PATCH] net: Convert net_mutex into rw_semaphore and down read it on net->init/->exit"
Previous message: Jim Quinlan: "[PATCH v3 3/8] PCI: brcmstb: Add Broadcom STB PCIe host controller driver"
In reply to: Matthew Garrett: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Next in thread: Matthew Garrett: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2017-11-14 at 15:55 -0500, Matthew Garrett wrote:
> On Tue, Nov 14, 2017 at 3:50 PM, Luis R. Rodriguez <mcgrof@xxxxxxxxxx
> > wrote:
> >
> > On Tue, Nov 14, 2017 at 12:18:54PM -0800, Linus Torvalds wrote:
> > >
> > > This is all theoretical security masturbation. The _real_ attacks
> > > have been elsewhere.
> >
> > In my research on this front I'll have to agree with this, in terms
> > of justification and there are only *two* arguments which I've soÂ
> > far have found to justify firmware signing:
> >
> > a) If you want signed modules, you therefore should want signed
> > firmware.
> > ÂÂÂThis however seems to be solved by using trusted boot thing,
> > given it
> > ÂÂÂseems trusted boot requires having firmware be signed as well.
> > (Docs
> > ÂÂÂwould be useful to get about where in the specs this is
> > mandated,
> > ÂÂÂanyone?). Are there platforms that don't have trusted boot or
> > for which
> > ÂÂÂthey don't enforce hardware checking for signed firmware for
> > which
> > ÂÂÂwe still want to support firmware signing for? Are there
> > platforms
> > ÂÂÂthat require and use module signing but don't and won't have a
> > trusted
> > ÂÂÂboot of some sort? Do we care?
>
> TPM-backed Trusted Boot means you don't /need/ to sign anything,
> since the measurements of what you loaded will end up in the TPM. But
> signatures make it a lot easier, since you can just assert that only
> signed material will be loaded and so you only need to measure the
> kernel and the trusted keys.

Actually, I'd disagree with that quite a lot: measured boot only works
if you're attesting to something outside of your system that has the
capability for doing something about a wrong measurement. ÂAbsent that,
measured boot has no safety whatsoever. ÂSecure boot, on the other
hand, can enforce not booting with elements that fail the signature
check.

The question, really, in any system, is how you want to prove security.
ÂIn a standalone server system, measured boot is pretty useless because
you don't have an external entity to attest to, so signatures and
secure boot are really the bulwark against breaches. ÂIn a properly
attested server cluster whose attestation controller has the ability to
reboot you, perhaps signatures and secure boot don't add that much more
value.

James

Next message: Andrei Vagin: "Re: [PATCH] net: Convert net_mutex into rw_semaphore and down read it on net->init/->exit"
Previous message: Jim Quinlan: "[PATCH v3 3/8] PCI: brcmstb: Add Broadcom STB PCIe host controller driver"
In reply to: Matthew Garrett: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Next in thread: Matthew Garrett: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]