Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown
Matthew Garrett
mjg59 at google.com
Tue Nov 14 19:58:20 UTC 2017
On Tue, Nov 14, 2017 at 9:34 AM, Linus Torvalds
<torvalds at linux-foundation.org> wrote:
> It's this insane "firmware is special" that I disagree with. It's not
> special at all.
Our ability to determine that userland hasn't been tampered with
depends on the kernel being trustworthy. If userland can upload
arbitrary firmware to DMA-capable devices then we can no longer trust
the kernel. So yes, firmware is special.
Here's an example: we have a signed initramfs that's loaded by a
signed bootloader. That initramfs sets up a trustworthy audit chain
and loads an LSM policy that prevents the rest of userland from
interfering with it. From that point on, we don't care about the rest
of userland being signed - we know it can't interfere with us, but we
can reliably inspect what it's doing. Even an offline attack can't do
any damage, since the audit code is still signed. However, the
LSM-imposed boundary depends on the kernel being trustworthy. If an
attacker can replace the firmware that's uploaded to a device that can
do arbitrary DMA then they can tamper with the supposedly trustworthy
audit code and provide false information. Being able to tamper with
the contents of /usr/bin/* doesn't give them that.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
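The gate Garrett is arguing for, as an added example that is not part of this thread or of the lockdown patch series: a small userspace model of a firmware-load policy. A SHA-256 allow-list stands in for the signature check a real kernel would do against a trusted keyring, and the two firmware blobs are constructed for the demo. The point it illustrates is that the decision keys on whether the image verifies, not on who in userland asked for the load, because the device that receives the image is what ends up with DMA access to kernel memory.

```python
import hashlib

# Constructed sample firmware images for the demo; not real device firmware.
TRUSTED_FW = b"VENDOR-FW v1.2\x00" + bytes(range(64))
TAMPERED_FW = TRUSTED_FW[:-1] + b"\xff"          # one byte changed by an attacker


def fw_digest(blob: bytes) -> str:
    """SHA-256 of a firmware image, used here as a stand-in for a signature check."""
    return hashlib.sha256(blob).hexdigest()


# Hypothetical allow-list of known-good images. In a real lockdown design this
# role is played by a keyring the kernel trusts, not by a digest table.
ALLOWED_FW_DIGESTS = frozenset({fw_digest(TRUSTED_FW)})


def firmware_load_allowed(blob: bytes, device: str, lockdown: bool,
                          allowed=ALLOWED_FW_DIGESTS) -> tuple[bool, str]:
    """Decide whether the kernel may hand `blob` to `device`.

    Without lockdown the loader trusts whatever root placed in /lib/firmware,
    so a compromised userland can push its own image to a DMA-capable device.
    With lockdown the image must verify against trusted material first; the
    identity of the requester does not enter into the decision.
    """
    if not lockdown:
        return True, f"{device}: lockdown off, firmware accepted on filesystem trust alone"
    if fw_digest(blob) in allowed:
        return True, f"{device}: firmware verified, load permitted"
    return False, f"{device}: unverified firmware refused under lockdown"


def demo() -> list[tuple[bool, str]]:
    """Run the three cases the thread argues about and return the decisions."""
    return [
        firmware_load_allowed(TRUSTED_FW, "nic0", lockdown=True),    # allowed
        firmware_load_allowed(TAMPERED_FW, "nic0", lockdown=True),   # refused
        firmware_load_allowed(TAMPERED_FW, "nic0", lockdown=False),  # allowed: no gate
    ]


if __name__ == "__main__":
    for ok, why in demo():
        print("ALLOW" if ok else "DENY ", why)
```

The third case is the one the message is about: with no gate, an attacker who can write the firmware file gets the same outcome as the vendor, and the LSM boundary protecting the audit code no longer means anything.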