From: Andy Lutomirski <luto@kernel.org>
To: Peter Jones <pjones@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>,
Matthew Garrett <mjg59@google.com>,
David Howells <dhowells@redhat.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
James Morris <jmorris@namei.org>,
Alan Cox <gnomes@lxorguk.ukuu.org.uk>,
Linus Torvalds <torvalds@linux-foundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Justin Forbes <jforbes@redhat.com>,
linux-man <linux-man@vger.kernel.org>, joeyli <jlee@suse.com>,
LSM List <linux-security-module@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>,
Kees Cook <keescook@chromium.org>,
linux-efi <linux-efi@vger.kernel.org>
Subject: Re: [GIT PULL] Kernel lockdown for secure boot
Date: Thu, 5 Apr 2018 11:47:52 -0700 [thread overview]
Message-ID: <CALCETrU_4PywXj78pzfuCYCfXxQNvi_K-KfuyZKHu-upfesdPw@mail.gmail.com> (raw)
In-Reply-To: <20180404184255.exdrtpqnxlqme7tl@redhat.com>
On Wed, Apr 4, 2018 at 11:42 AM, Peter Jones <pjones@redhat.com> wrote:
> On Tue, Apr 03, 2018 at 02:51:23PM -0700, Andy Lutomirski wrote:
>> On Tue, Apr 3, 2018 at 12:29 PM, Matthew Garrett <mjg59@google.com> wrote:
>> Can someone please explain why the UEFI crowd cares so much about "as
>> a bootloader"? Once I'm able to install an OS (Linux kernel +
>> bootloader, Windows embedded doodad, OpenBSD, whatever) on your
>> machine, I can use your peripherals, read your data, write your data,
>> see your keystrokes, use your network connection, re-flash your BIOS
>> (at least as well as any OS can), run VMs, and generally own your
>> system. Somehow you all seem fine with all of this, except that the
>> fact that I can chainload something else gives UEFI people the
>> willies.
>>
>> Can someone explain why?
>
> There's no inherent difference, in terms of the trust chain, between
> compromising it to use the machine as a toaster or to run a botnet - the
> trust chain is compromised either way. But you're much more likely to
> notice if your desktop starts producing bread products than if it hides
> some malware and keeps on booting, and the second one is much more
> attractive to attackers anyway.
>
> The reason we talk about it as a bootloader is because of the model
> employed by malware. I'm sure you know that one kind of malware that
> exists in the wild, a so-called "boot kit", operates by modifying a
> kernel during load (or on disk before loading) so that it has some
> malicious payload, like exfiltrating user data or allowing a way to
> install software that the kernel hides or *whatever*, and incorporating
> some way to achieve relative persistence on the system - for example
> hiding the real boot settings and loading a kernel with a different than
> normal initramfs that loads an exploit before continuing with a normal
> looking boot.
This is a fair point, but I wonder how much it matters in practice.
If I'm writing a bootkit, I can think of at least four ways to do it.
1. The easy way. Write a malicious bootloader that modifies the
kernel image to insert malicious code. Stock secure boot makes this
awkward because you need a signed bootloader. It's worth noting that
a non-locked-down signed Linux kernel is actually a rather awkward way
to do this because it will add several seconds to the boot and may
show a splash screen unless you're rather careful.
2. The CPL3 way. Write a malicious initramfs that inserts the
malicious code in PID 1 instead. This might be easier to get working
across a variety of Linux kernels, but it's more awkward to hide well
from userspace. Conventional secure boot (with the stock MS keys)
doesn't help at all.
3. The nasty way. Find a known exploitable kernel or bootloader, and
use it to do your evil deeds. This is very, very hard to protect
against with normal secure boot.
4. The VM-kit way. Use a signed, locked down, perfectly secure kernel
and run your pwned system as a VM guest. Secure boot doesn't help one
whit.
*All* of these variants are avoided by a real, working verified boot
approach that chains all the way down to the running system image, and
*that* solution doesn't need cpl0 and cpl3 to be separated.
So I find myself wondering whether the bootkit argument is actually
very compelling.
next prev parent reply other threads:[~2018-04-05 18:47 UTC|newest]
Thread overview: 112+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4136.1522452584@warthog.procyon.org.uk>
[not found] ` <alpine.LRH.2.21.1803311145180.7769@namei.org>
2018-04-03 0:37 ` [GIT PULL] Kernel lockdown for secure boot Andy Lutomirski
2018-04-03 0:59 ` Kees Cook
2018-04-03 1:47 ` Andy Lutomirski
2018-04-03 7:06 ` David Howells
2018-04-03 15:11 ` Andy Lutomirski
2018-04-03 15:41 ` Alexei Starovoitov
2018-04-03 16:26 ` Andy Lutomirski
2018-04-03 16:29 ` Matthew Garrett
2018-04-03 16:45 ` Andy Lutomirski
[not found] ` <CAGXu5j+CyVXEvsMarJjBwaNh7poVZtmit5PGmQM9rKKqZPqVXg@mail.gmail.com>
2018-04-03 19:01 ` Andy Lutomirski
2018-04-03 19:07 ` Kees Cook
2018-04-03 19:29 ` Matthew Garrett
2018-04-03 21:51 ` Andy Lutomirski
2018-04-04 18:42 ` Peter Jones
2018-04-04 20:01 ` Thomas Gleixner
2018-04-04 20:18 ` Matthew Garrett
2018-04-05 18:47 ` Andy Lutomirski [this message]
2018-04-06 4:42 ` Peter Dolding
2018-04-03 17:16 ` David Howells
2018-04-03 19:01 ` Andy Lutomirski
2018-04-03 19:49 ` David Howells
2018-04-03 21:58 ` Andy Lutomirski
2018-04-03 22:32 ` David Howells
2018-04-03 22:39 ` Andy Lutomirski
2018-04-03 22:46 ` Linus Torvalds
2018-04-03 22:51 ` Matthew Garrett
2018-04-03 22:53 ` Andy Lutomirski
2018-04-03 23:09 ` Matthew Garrett
2018-04-03 23:08 ` Linus Torvalds
2018-04-03 23:10 ` Linus Torvalds
2018-04-03 23:17 ` Matthew Garrett
2018-04-03 23:26 ` Linus Torvalds
2018-04-03 23:39 ` Linus Torvalds
2018-04-03 23:47 ` Matthew Garrett
2018-04-04 0:02 ` Linus Torvalds
2018-04-04 0:04 ` Matthew Garrett
2018-04-04 0:08 ` Linus Torvalds
2018-04-04 0:12 ` Matthew Garrett
2018-04-05 14:58 ` Alan Cox
2018-04-04 0:22 ` David Howells
2018-04-05 17:59 ` Alan Cox
2018-04-05 18:03 ` Matthew Garrett
2018-04-03 23:45 ` Matthew Garrett
2018-04-03 23:55 ` Linus Torvalds
2018-04-03 23:59 ` Matthew Garrett
2018-04-04 0:06 ` Linus Torvalds
2018-04-04 0:10 ` Matthew Garrett
2018-04-04 0:15 ` Linus Torvalds
2018-04-04 0:16 ` Matthew Garrett
2018-04-04 0:18 ` Andy Lutomirski
2018-04-04 0:19 ` Matthew Garrett
2018-04-04 9:04 ` Greg Kroah-Hartman
2018-04-04 0:25 ` Linus Torvalds
2018-04-04 0:33 ` Linus Torvalds
2018-04-04 0:46 ` Matthew Garrett
2018-04-04 0:56 ` Linus Torvalds
2018-04-04 1:13 ` Matthew Garrett
2018-04-04 1:43 ` Linus Torvalds
2018-04-04 4:30 ` Matthew Garrett
2018-04-04 12:57 ` Theodore Y. Ts'o
2018-04-04 13:02 ` Greg Kroah-Hartman
2018-04-04 13:34 ` Theodore Y. Ts'o
2018-04-04 13:57 ` Greg Kroah-Hartman
2018-04-04 13:29 ` Mike Galbraith
2018-04-04 16:20 ` Matthew Garrett
2018-04-08 22:00 ` Pavel Machek
2018-04-04 13:33 ` David Howells
2018-04-04 13:52 ` Theodore Y. Ts'o
2018-04-04 16:22 ` Matthew Garrett
2018-04-04 16:39 ` Andy Lutomirski
2018-04-04 16:42 ` Matthew Garrett
2018-04-04 16:46 ` Justin Forbes
2018-04-05 0:05 ` Peter Dolding
2018-04-05 0:20 ` Matthew Garrett
2018-04-04 13:57 ` David Howells
2018-04-04 16:09 ` Linus Torvalds
2018-04-04 16:17 ` Matthew Garrett
2018-04-04 6:56 ` Peter Dolding
2018-04-04 16:26 ` Matthew Garrett
2018-04-05 1:28 ` Peter Dolding
2018-04-04 1:36 ` Justin Forbes
[not found] ` <CAFbkSA0ursG3RGWU19LQiD6u30h5V=Aqj3oVyHQCiX6MLopYUg@mail.gmail.com>
2018-04-04 1:58 ` Linus Torvalds
2018-04-04 0:17 ` Jann Horn
2018-04-04 0:23 ` Andy Lutomirski
2018-04-04 8:05 ` David Howells
2018-04-04 14:35 ` Andy Lutomirski
2018-04-04 14:44 ` David Howells
2018-04-04 15:43 ` Eric W. Biederman
2018-04-03 23:56 ` David Howells
2018-04-03 23:58 ` Linus Torvalds
2018-04-03 23:39 ` David Howells
2018-04-03 23:48 ` Andy Lutomirski
2018-04-08 8:23 ` Pavel Machek
2018-04-03 23:12 ` David Howells
2018-04-03 23:27 ` Linus Torvalds
2018-04-03 23:42 ` Andy Lutomirski
2018-04-03 20:53 ` Linus Torvalds
2018-04-03 20:54 ` Matthew Garrett
2018-04-03 21:01 ` Linus Torvalds
2018-04-03 21:08 ` Matthew Garrett
2018-04-03 21:21 ` Al Viro
2018-04-03 21:37 ` Matthew Garrett
2018-04-03 21:26 ` Linus Torvalds
2018-04-03 21:32 ` Matthew Garrett
2018-04-08 8:10 ` Pavel Machek
2018-04-04 2:34 Alexei Starovoitov
2018-04-04 4:31 ` Matthew Garrett
2018-04-08 7:44 ` joeyli
2018-04-08 8:07 ` joeyli
2018-04-09 3:40 ` Alexei Starovoitov
2018-04-09 8:14 ` Daniel Borkmann
2018-04-09 13:55 ` joeyli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALCETrU_4PywXj78pzfuCYCfXxQNvi_K-KfuyZKHu-upfesdPw@mail.gmail.com \
--to=luto@kernel.org \
--cc=ard.biesheuvel@linaro.org \
--cc=dhowells@redhat.com \
--cc=gnomes@lxorguk.ukuu.org.uk \
--cc=gregkh@linuxfoundation.org \
--cc=jforbes@redhat.com \
--cc=jlee@suse.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mjg59@google.com \
--cc=pjones@redhat.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).