Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown
James Bottomley
James.Bottomley at HansenPartnership.com
Tue Nov 14 22:31:36 UTC 2017
On Tue, 2017-11-14 at 14:17 -0800, Matthew Garrett wrote:
> On Tue, Nov 14, 2017 at 2:14 PM, James Bottomley
> <James.Bottomley at hansenpartnership.com> wrote:
> >
> > On Tue, 2017-11-14 at 15:55 -0500, Matthew Garrett wrote:
> > >
> > > TPM-backed Trusted Boot means you don't /need/ to sign anything,
> > > since the measurements of what you loaded will end up in the TPM.
> > > But signatures make it a lot easier, since you can just assert
> > > that only signed material will be loaded and so you only need to
> > > measure the kernel and the trusted keys.
> >
> > Actually, I'd disagree with that quite a lot: measured boot only
> > works if you're attesting to something outside of your system that
> > has the capability for doing something about a wrong
> > measurement. Absent that, measured boot has no safety
> > whatsoever. Secure boot, on the other hand, can enforce not
> > booting with elements that fail the signature check.
>
> Measured boot has a great deal of value in the sealing of private
> material, even in the absence of attestation. The way Microsoft make
> use of PCR7 is a good example of how signatures make this easier -
> achieving the same goal with a full measurement of the boot chain
> instead of relying on signature validation results in significantly
> more fragility.
OK, so I agree that if you have sealed something required for boot (and
have the capability for resealing it on OS upgrade) you can use
measurements locally. However, I don't believe we have any systems
today in Linux which can do this (we have theoretical ideas about how
we might do it with LUKS root keys and one day we might actually have
the infrastructure to make it viable for a standard laptop).
Absent that, secure boot provides a reasonable measure of security
which works with today's infrastructure.
Note: this doesn't mean I necessarily want signatures everywhere (like
firmware). We can sign elements in blobs that provide the effective
security without needing more granular signatures.
James
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list