lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 24 Nov 2016 11:22:17 -0800
From:   James Bottomley <James.Bottomley@...senPartnership.com>
To:     Josh Boyer <jwboyer@...oraproject.org>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>
Cc:     David Howells <dhowells@...hat.com>, keyrings@...r.kernel.org,
        Matthew Garrett <matthew.garrett@...ula.com>,
        "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        linux-security-module <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH 8/9] MODSIGN: Import certificates from UEFI Secure Boot

On Mon, 2016-11-21 at 11:25 -0500, Josh Boyer wrote:
> On Mon, Nov 21, 2016 at 11:16 AM, Ard Biesheuvel
> <ard.biesheuvel@...aro.org> wrote:
> > On 16 November 2016 at 18:11, David Howells <dhowells@...hat.com>
> > wrote:
> > > From: Josh Boyer <jwboyer@...oraproject.org>
> > > 
> > > Secure Boot stores a list of allowed certificates in the 'db' 
> > > variable. This imports those certificates into the system trusted 
> > > keyring.   This allows for a third party signing certificate to 
> > > be used in conjunction with signed modules.  By importing the 
> > > public certificate into the 'db' variable, a user can allow a 
> > > module signed with that certificate to load.  The shim UEFI 
> > > bootloader has a similar certificate list stored in the
> > > 'MokListRT' variable.  We import those as well.
> > > 
> > 
> > This sounds like a bad idea to me. For the standard databases like 
> > db and dbx, we can rely on the firmware to ensure that they are 
> > what you expect. For MokListRt, not so much: anyone with sufficient
> > capabilities can generate such a variable from userland, and not 
> > every arch/distro combo will be using shim and/or mokmanager. (The
> > debates are still ongoing, but my position is that there is no need 
> > for shim at all on ARM given that the M$ problem only exists on
> > x86)
> 
> In order for MokListRT to be modified, the user has to have physical
> access and boot into Mok and complete the enrollment.  That is no
> different than simply enrolling in db or dbx.  I don't see a
> difference in security under the thread model that Secure Boot is
> attempting to protect against.

Isn't a potential attack to write to MokListRT and then force a kexec? 
 That means shim doesn't validate the variable yet you treat it as
though it has been validated.

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ