Re: [GIT PULL] Kernel lockdown for secure boot
From: Andy Lutomirski
Date: Tue Apr 03 2018 - 19:43:14 EST
On Tue, Apr 3, 2018 at 4:12 PM, David Howells <dhowells@xxxxxxxxxx> wrote:
> Andy Lutomirski <luto@xxxxxxxxxx> wrote:
>
>> I'm having a very, very hard time coming up with a scenario where I
>> can "trust" something if an attacker can get root but can't modify the
>> running kernel image but I can't "trust" something if the attacker
>> can [modify the running kernel image].
>
> (I think the above is what you meant)
>
> Let's go at this a different way. How do you decide you can trust something
> in this context? You compare it to something. Signing it, keeping a hash
> whitelist, IMA - these are all ways of comparing something. Do you agree with
> that?
I trust or distrust a system as a whole. I don't make that decision
by comparing it to anything. I make it by evaluating how the system
works and deciding whether it's trustworthy.
>
> What use is secure boot if processes run as root can subvert your kernel?
>
Secure boot serves several purposes:
1. Anti-competitive purposes. It's intentionally difficult to run
non-Windows OSes on Windows ARM machines, for example.
2. Allowing me to use a stock UEFI machine to have a verified boot chain.
The latter has nothing whatsoever to do with CPL0. The former,
however, does. If I could easily write some Windows program to run
CPL0 code, then I could chainload Linux using the Windows image, and
I've subverted the purpose.
Cynical? Yes.
>> > There's no point bothering with UID/GID checking either.
>>
>> Give me a break. There's a *huge* difference between a system where
>> only root can load unsigned modules and a system where anyone can load
>> unsigned modules.
>
> I don't think we've ever advocated letting just anyone load a module.
>
> But my point is that if you can modify the running kernel, you can nullify all
> security checks, including UID/GID checks.
>
>> > However, if /dev/mem can be read, any root process can extract the session
>> > key for your disk.
>>
>> Any root process can read /dev/mapper/plaintext_disk, lockdown or otherwise.
>
> True - for now - and they can also access the mounted filesystem. But if they
> get their hands on your powered-off computer, no, they can't.
This is, IMO, a silly argument. You're saying that some bad guy has
managed to run code as root on my laptop. Then, next week, the bad
guy steals my laptop while it's powered off, and Lockdown is supposed
to protect me against that bad guy. If this happens, I've already
lost completely, lockdown or no.