Re: Trusted kernel patchset for Secure Boot lockdown

From: Kees Cook
Date: Wed Mar 19 2014 - 15:50:52 EST

Next message: Stephen Warren: "Re: [PATCH V4] serial/uart/8250: Add tunable RX interrupt trigger I/F of FIFO buffers"
Previous message: Peter Zijlstra: "Re: [RFC PATCH] cifs: Fix possible deadlock with cifs and work queues"
In reply to: Florian Weimer: "Re: Trusted kernel patchset for Secure Boot lockdown"
Next in thread: Kees Cook: "Re: Trusted kernel patchset for Secure Boot lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Mar 14, 2014 at 3:31 PM, One Thousand Gnomes
<gnomes@xxxxxxxxxxxxxxxxxxx> wrote:
> On Fri, 14 Mar 2014 22:15:45 +0000
> Matthew Garrett <matthew.garrett@xxxxxxxxxx> wrote:
>
>> On Fri, 2014-03-14 at 22:08 +0000, One Thousand Gnomes wrote:
>> > On Fri, 14 Mar 2014 21:56:33 +0000
>> > Matthew Garrett <matthew.garrett@xxxxxxxxxx> wrote:
>> > > Signed userspace is not a requirement, and therefore any solution that
>> > > relies on a signed initrd is inadequate. There are use cases that
>> > > require verification of the initrd and other levels. This isn't one of
>> > > them.
>> >
>> > The job of the kernel is to solve the general problem. There are lots of
>> > people who happen to care about verification beyond the kernel so it
>> > shouldn't be ignored. And they can do do things like load trusted SELinux
>> > rulesets even if you can't support it in your environment.
>>
>> The general problem includes having to support this even without an
>> selinux policy.
>
> Yes. No dispute about that. But equally the general solution should allow
> for it.
>
>> And one that's not going to change, so the general problem includes not
>> relying on a signed initramfs.
>
> Likewise
>
>> some other way. ChromeOS will load unmeasured kernel modules provided it
>> can attest to the trustworthyness of the filesystem containing them.
>
> See "How to Bypass Verified Boot Security in Chromium OS" 8)

That method a) is intentionally available (system owner can disable
firmware RO and install their own keys), and b) requires physical
presence.

> So ChromeOS loads *measured* kernel modules. It just did the measuring
> differently to the signed module code.

Right, using dm-verity. However, the read-only media case is still
valid (and is why I am still trying to get the module restrictions LSM
accepted, and why I'm modelling my firmware restrictions on the same
principle).

-Kees

--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Warren: "Re: [PATCH V4] serial/uart/8250: Add tunable RX interrupt trigger I/F of FIFO buffers"
Previous message: Peter Zijlstra: "Re: [RFC PATCH] cifs: Fix possible deadlock with cifs and work queues"
In reply to: Florian Weimer: "Re: Trusted kernel patchset for Secure Boot lockdown"
Next in thread: Kees Cook: "Re: Trusted kernel patchset for Secure Boot lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]