The State Of Linux Distributions Handling SecureBoot


  • #46
    heh... i give up....



    • #47
      Originally posted by mjg59:
      What? Windows 8 boots fine without Secure Boot. You're free to sell it installed on computers that don't even support it, you just don't get Microsoft certification.
      Incorrect - you can SHIP the systems (as OEM) with SecureBoot off, but you will lose the right to put "windows 8 certified" on your computers.[1]
      So, in case OEM opts in microsoft way, the user will be required to mess with his system in order to switch secure boot off.
      This is good cause to void warranty.
      This also adds additional complicated step and as such makes it harder for newbies. As you mentioned earlier "security consists of many layers" - these are two such "complication" layers in "securing the customer".
      One more reason to pay FSF to sue microsoft arse.

      Or switch altogether to OPEN platform, taking "Personal Computing" along. Because it ain't personal, when you are forbidden to do personal customization.
      Because SecureBoot is required permanently ON for ARM and windowsRT, which is future of windows.
      You can be assured, microsoft itself nullified your argument above.

      ---
      And in case OEM opts out and decides to disable SecureBoot - he loses the right to get the "Windows 8 Certified" label.
      Which means:
      1. You are not considered microsoft professional or microsoft partner anymore.
      1.1. If you are large enough, you can counter this.
      2. Windows deactivates and will deactivate functionality, if the system is not certified.

      2.1. This means to OEM, that their system with windows is crippled, although they pay same price to microsoft.
      3. windows 8 OEM certification is a complex procedure involving preinstallation, activation and labeling of the machine. If OEM does not use this, the prices for windows installation will be SIGNIFICANTLY HIGHER - thus his solutions will cost more without being any different, which will unavoidably result in OEM going bankrupt due to (current, still holding) monopoly of microsoft.

      The options above indicate microsoft to use nazi tactics or be nazis themselves.

      Either with us or our enemy.

      You may surrender to our rules, or you will get such prices that you will be out of the market in no time. And because we possess a monopoly in marketshare, this is our market.

      Note, this is similar to microsoft hardware OEM agreements, now coming in software.
      Bonus: remember why Gaben started adapting to Linux.

      Originally posted by mjg59:
      It looks for anything that it knows isn't a trusted boot loader and prevents it from running. So, it does?
      The definition of "Trusted" should be "Owner".

      However, the definition of "Trusted" in "Secure Boot" means "Owner of the signing key"

      The owner of the key is ....microsoft.

      Hereby the only "Trusted" member is "microsoft" or assigned by "microsoft".

      Welcome to antitrust law violation.

      If the owner of the key would be ... anyone, which is what we have with BIOS password... there would be no lock-in and it would be a viable security feature.
      This way, the OWNER of the hardware would generate a key, sign components and save key in own system, the same way CMOS did that, but inside non-volatile TPM module.

      This is the correct way - to put the ownership in hands of the hardware owner.

      But the key is in the hands of microsoft as a sole decision maker and hence constitutes either MONOPOLY (similar to OS monopoly) or unavoidably embedded MICROSOFT-ONLY feature (similar to IE).

      Originally posted by duby229:
      heh... i give up....
      Doesn't mean you lose.

      Originally posted by mjg59:
      So, again, suggest a solution that solves the problem that Microsoft are trying to solve without preventing the booting of unsigned code.
      GPL whole windows.
      They are making people trust a black box. The only way to achieve this is to lie and spread FUD.
      Last edited by crazycheese; 12-28-2012, 06:21 PM.



      • #48
        Originally posted by duby229:
        It does nothing for Linux. NOTHING. While linux does have its security issues... It doesn't need to worry about MS's security issues.
        So, please tell me how Linux is magically safe from viruses that install themselves to the bootloader...

        The reality is that these viruses can target any operating system, Linux included. Secure boot protects Linux just as effectively as it does windows, the only problem that is getting seriously discussed is that it may be difficult to load custom keys into the trusted keys list. (Notice that I said 'may', there is no guarantee that it will be difficult on all or even the majority of systems)



        • #49
          Originally posted by ShadowBane:
          So, please tell me how Linux is magically safe from viruses that install themselves to the bootloader...

          The reality is that these viruses can target any operating system, Linux included. Secure boot protects Linux just as effectively as it does windows, the only problem that is getting seriously discussed is that it may be difficult to load custom keys into the trusted keys list. (Notice that I said 'may', there is no guarantee that it will be difficult on all or even the majority of systems)
          Hello and welcome to reality.

          Build all modules in kernel.

          Disable dynamic module loading.

          Make /boot and / RO.

          CRC the /boot partition and make independent system check-verify it, before booting it.

          Place /etc on write-once media.

          Activate NX and Apparmor.

          Secured.



          • #50
            Originally posted by crazycheese:
            Incorrect - you can SHIP the systems (as OEM) with SecureBoot off, but you will lose the right to put "windows 8 certified" on your computers.[1]
            That's what I said. You're free to sell a computer running Windows 8 without Secure Boot. You don't get the Microsoft certification. Since you're not forced to ship with Secure Boot enabled (merely given an incentive to), it's probably not an antitrust violation.

            The touch hardware needs to be certified, not the entire platform.

            The definition of "Trusted" should be "Owner".
            Absolutely, which is why Microsoft require that it be possible to replace the Microsoft keys on any x86 systems. Anyone with access to the firmware menu can install their own keys.



            • #51
              Originally posted by crazycheese:
              Make /boot and / RO.
              Doesn't help. If someone's gained root access they can just modify /dev/sda directly.

              CRC the /boot partition and make independent system check-verify it, before booting it.
              That'd work, though you'd want to use a cryptographic signature instead of a CRC - it's easy to force a CRC to match. The easiest thing to do would be to have the firmware verify the signature, that way you don't need a second computer to verify your laptop every time you want to boot it. And... you've just reinvented Secure Boot.
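The two designs argued over in #49 and #51, the "CRC the /boot partition" trailer and the signature check mjg59 describes, side by side as an added Go example that is not from the thread. It assumes Ed25519 from Go's standard library as the signature scheme and uses constructed image bytes; the point it shows is that a checksum needs no secret to regenerate, so whoever can rewrite the partition can rewrite the checksum too, while a signature over the modified image cannot be produced without the private key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"hash/crc32"
)

// BootImage stands in for the bytes of a /boot partition (constructed sample data).
var BootImage = []byte("constructed kernel+initrd image, release v1")

// CRCRecord is the post #49 scheme: the image followed by an unkeyed CRC32 trailer.
func CRCRecord(img []byte) []byte {
	trailer := make([]byte, 4)
	binary.LittleEndian.PutUint32(trailer, crc32.ChecksumIEEE(img))
	return append(append([]byte{}, img...), trailer...)
}

// CRCVerify recomputes the CRC over the body and compares it with the trailer.
func CRCVerify(rec []byte) bool {
	if len(rec) < 4 {
		return false
	}
	body, trailer := rec[:len(rec)-4], rec[len(rec)-4:]
	return crc32.ChecksumIEEE(body) == binary.LittleEndian.Uint32(trailer)
}

// SigVerify is the post #51 check: a detached signature against a pinned public key.
func SigVerify(pub ed25519.PublicKey, img, sig []byte) bool {
	return ed25519.Verify(pub, img, sig)
}

// Scenario signs the genuine image, models a modification made with root access
// to the raw device, and returns (crcGenuine, sigGenuine, crcTampered, sigTampered).
func Scenario() (bool, bool, bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sig := ed25519.Sign(priv, BootImage)
	evil := bytes.Replace(BootImage, []byte("release v1"), []byte("modified"), 1)
	// The CRC trailer is simply regenerated for the modified image; the old
	// signature is all that exists for it, and it no longer verifies.
	return CRCVerify(CRCRecord(BootImage)), SigVerify(pub, BootImage, sig),
		CRCVerify(CRCRecord(evil)), SigVerify(pub, evil, sig)
}

func main() {
	cg, sg, ct, st := Scenario()
	fmt.Printf("genuine: crc=%v sig=%v; tampered: crc=%v sig=%v\n", cg, sg, ct, st)
}
```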



              • #52
                Originally posted by ShadowBane:
                So, please tell me how Linux is magically safe from viruses that install themselves to the bootloader...

                The reality is that these viruses can target any operating system, Linux included. Secure boot protects Linux just as effectively as it does windows, the only problem that is getting seriously discussed is that it may be difficult to load custom keys into the trusted keys list. (Notice that I said 'may', there is no guarantee that it will be difficult on all or even the majority of systems)
                Go ahead and name one... Just one... whereby the method of infection is through a booted linux system....



                • #53
                  Originally posted by duby229:
                  Go ahead and name one... Just one... whereby the method of infection is through a booted linux system....
                  Really, any of the remote root exploits listed here would allow the installation of bootloader viruses...
                  http://www.exploit-db.com/platform/?p=linux

                  Bootloader exploits are attractive because they are very hard to detect from a booted computer. There is no reason to expect that people using Linux would never be targeted by such attacks.



                  • #54
                    Originally posted by mjg59:
                    Doesn't help. If someone's gained root access they can just modify /dev/sda directly.

                    That'd work, though you'd want to use a cryptographic signature instead of a CRC - it's easy to force a CRC to match. The easiest thing to do would be to have the firmware verify the signature, that way you don't need a second computer to verify your laptop every time you want to boot it. And... you've just reinvented Secure Boot.
                    Getting root access on linux is horribly difficult to do without the password. If you don't believe me then try it for yourself.



                    • #55
                      Originally posted by duby229:
                      If you boot Windows 8, You must use secureboot. How is that not forced?

                      If it really was a mechanism to protect against boot viruses.... Shouldn't it look for boot viruses?
                      I don't like to say this to people, but you are an idiot. How do you know what a boot virus looks like? You can certainly detect all the current known ones, but how do you defend against future ones and variants of current ones? Do you provide updates? If so, how do the updates get done?
                      If you go down this path, you've re-invented the modern virus scanner, only worse, as you probably have to put this in a chip, not on a disk, and come up with a way to safely & securely update it. Definition-based virus scanners are great at detecting current and old viruses, but not near-future and tomorrow's viruses/etc.

                      The problem is if you can install any operating system on the machine, you can subvert any operating system on the machine.



                      • #56
                        Originally posted by ShadowBane:
                        Really, any of the remote root exploits listed here would allow the installation of bootloader viruses...
                        http://www.exploit-db.com/platform/?p=linux

                        Bootloader exploits are attractive because they are very hard to detect from a booted computer. There is no reason to expect that people using Linux would never be targeted by such attacks.
                        OK so then let's come up with a native solution. We damn sure don't need MS to decide that since linux can get a boot virus we should just prevent it from booting. I'll promise you that windows can get a boot virus. So let's just prevent -IT- from booting.

                        But see that's my point... MS does --NOT-- need to worry about whether or not linux can get targeted by such attacks... It isn't their concern at all. Not even a teeny weeny tiny little bit.

                        EDIT: MS can come up with whatever excuses they want, but they will never be able to come up with enough excuses to give them the right to determine what linux is acceptable to boot from.
                        Last edited by duby229; 12-28-2012, 06:56 PM.



                        • #57
                          Originally posted by dashcloud:
                          I don't like to say this to people, but you are an idiot. How do you know what a boot virus looks like? You can certainly detect all the current known ones, but how do you defend against future ones and variants of current ones? Do you provide updates? If so, how do the updates get done?
                          If you go down this path, you've re-invented the modern virus scanner, only worse, as you probably have to put this in a chip, not on a disk, and come up with a way to safely & securely update it. Definition-based virus scanners are great at detecting current and old viruses, but not near-future and tomorrow's viruses/etc.

                          The problem is if you can install any operating system on the machine, you can subvert any operating system on the machine.
                          How many more times do I need to say this? How many different ways can it be said?

                          THAT'S NOT OUR PROBLEM!!!

                          If MS is so worried about their OS, then let them worry about their OS.

                          EDIT: sometimes you gotta do what you gotta do. The thing about freedom is that you're free to do whatever you want to do as long as you're not stepping on somebody else's freedoms...

                          EDIT2: And about subverting an OS... That will always be true. Secureboot is not going to change that. MS OSes have been by far the worst offenders. Windows 8 is -not- going to be an exception. It will get infected just as badly as the rest of them have. Secureboot won't fix that. The only thing it does is give MS the ability to decide what OSes are acceptable to boot and which ones aren't. THAT is NOT their place. What they need to do is ban the worst offenders... But that would fuck themselves.
                          Last edited by duby229; 12-28-2012, 07:06 PM.



                          • #58
                            Originally posted by duby229:
                            Getting root access on linux is horribly difficult to do without the password. If you don't believe me then try it for yourself.
                            Yeah, it's horribly difficult to modify your .bashrc to alias sudo to something that steals your password. But honestly? I'm a kernel developer. I work on security-related topics. I have a pretty solid idea of how frequently new exploits are found that permit code to be executed as root even without tricking you into handing over your password.



                            • #59
                              Originally posted by mjg59:
                              Doesn't help. If someone's gained root access they can just modify /dev/sda directly.
                              First, they need to do that. That's what other layers are up to.
                              Second, even if they have done that, they only defeated one layer. They can't inject kernel code, only in userspace. And userspace can be CRCed as well - but that's outside even of SecureBoot scope.

                              Originally posted by mjg59:
                              That'd work, though you'd want to use a cryptographic signature instead of a CRC - it's easy to force a CRC to match. The easiest thing to do would be to have the firmware verify the signature, that way you don't need a second computer to verify your laptop every time you want to boot it.
                              By "CRC" I meant "hash", not a particular hashing algorithm like CRC32 etc.
                              It is possible to check by system hardware, if it's prone to bugs, which it isn't. So it's better to use an independent system, connecting only for the time of pre-boot checks as RO.

                              Originally posted by mjg59:
                              And... you've just reinvented Secure Boot.
                              There is a minor difference and a small attribute that you are surely aware of.

                              The difference is that my "version" does not require you to "surrender" to me or be executed.

                              The small attribute is that my "version" was "invented" in 10 seconds of time, and I sure have read about it 2-3 years ago on the network. That means, it is already used in production.

                              And also, in case anyone with ideas is browsing, the whole idea above is Defensive Publication at date/time of original post.
                              So don't even try.
                              Last edited by crazycheese; 12-28-2012, 06:52 PM.



                              • #60
                                Originally posted by duby229:
                                How many more times do I need to say this? How many different ways can it be said?

                                THAT'S NOT OUR PROBLEM!!!

                                If MS is so worried about their OS, then let them worry about their OS.
                                Again, please describe a solution that Microsoft could have used to prevent bootloader malware without also preventing booting of unsigned Linux. They worried about their OS. They came up with a solution that works for their OS. If you don't like their solution, describe a better one.
