Announcement

Collapse
No announcement yet.

Lennart Poettering Talks Up A "Brave New Trusted Boot World" For Linux

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Originally posted by xfcemint View Post
    The design of a perfectly secure and safe digital computer system


    I must mention that I regret that there weren't any additional attempts to solve the stated challenge/problem. I would have also appreciated if there were more questions asked, as I always do. In the obvious absence on any further developments, I have decided to publish the complete solution to the stated problem.

    The design of a perfectly secure and safe digital computer system...
    This is a horrible start.

    You can implement all the chained trust systems you want: an attacker will always have an avenue; perfect security is a myth. If you want perfectly verifiable boot trust, they can break out the logic analyzer and use voltage-based attacks to circumvent the logic, they can decap your secure chips, they can install passive hardware keyloggers....

    The statement of the problem (in the posts above) assumes that the user can securely communicate (both send and receive) data to and from the described single-component system.
    This is begging the question in a convoluted sort of way: "securely send and receive data from the system" is the entire problem. How do you stop an attacker from grabbing encryption keys, sniffing data, injecting unauthenticated modifications-- this is exactly what the issue is.

    You reference an "evil maid" attack-- that's literally how it works, they inject a keyboard sniffer to capture your P1 or P2 in order to later retrieve the computer and enter them. Your system does not address this attack at all.

    You also gloss right over the core problems:
    • How are P1 and P2 updated? Is there access control to prevent an attacker from sniffing your entered P1/2, writing a new P1/P2, and MITMing you via proxy hardware?
    • How is IM1 and LKIM1 updated? Is there access control here? Can a live operating system update them? What stops an attacker from updating them?
    • How are you protecting these keys on the bus, in RAM, in CPU register, at rest....
    • Are you actually implying that IM1 is a photographic image to be used for some sort of verification? Are you aware that techniques exist for imperceptibly but significantly modifying images exist that can defeat vision-based verification?
    And what you're describing sounds like a less developed Pluton, which as I recall got a lot of crap on these forums.

    Comment


    • I would suggest that a blog would be a better format for this, or request to post to phoronix proper, or start a new thread in General Discussion.

      The number of people who will read your article here is vanishingly small.

      Comment


      • I hate Poetterware. First they took over and simplified my init system for which I spent twenty (20) years mastering for all the different distributions and now anyone can write and maintain init scripts with basically no difficulty / significant differences between distributions on the init script front. Second they took over my audio system which was only able to play one track at a time; this was essential to prevent advertisements from automatically playing out of the box since I just had a script that I wrote each (weekly) reformat that locked my audio by playing one track of empty sound. Third they want to expand systemd to basically control my life since I live entirely on my /dev/vda1 and it's expanding to boot security??????????????

        Comment


        • Originally posted by xfcemint View Post
          Hello people!
          I need some help.

          Some incredibly mean guy named "blackiwid" is trying (by very mean and unfair methods) to kill my attempts to make cheap and secure systems available to everyone.

          This is his argument on the topic, in the linked post:
          "None of the hurts you listed are related to microkernel vs monolitic. You could even make the case that a microkernel would make that worse, because evil blobs like the nvidia proprietary driver would probably work with less problems, because more stable api/abis. So a evil company that puts out there proprietary rootkit drivers would have a better stance."

          Can someone help me there to dispell this nonsense that he is writing? Note: the "hurts" are mentined in my post that he is quoting.

          If you look at his other posts in that thread, you'll notice how mean he is.
          While it may be a good read, the problem is that this isn't necessarily the right place for an essay (especially considering you keep re-iterating it).

          I suggest you write a book about it, especially if going in-depth. Then you can reach some people out to review your book.

          Comment

          Working...
          X