Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
Most of malware is still unsigned (and that's not likely to change).
Implementing UEFI Secure Boot in Fedora
Posted Jun 4, 2012 0:13 UTC (Mon) by hummassa (subscriber, #307)
What is not likely to change is that malware will exist and will infect a lot of our computers just like it does today. And cryptographically signing code does absolutely nothing to stop that. Why? Because if every software have to be signed to run, all malware will get signed. Even if the OS refuse to run a single non-signed bit of code, malware will still exist. The stuxnet & friends example I gave were a cautionary tale. There is malware in a lot of signed-only software platforms.
The only thing signed-only platforms bring to the software world is that it turns much more easy to get a scapegoat. No fool will sign malware with his own signature, but it's always good to steal your bosses and coworkers' private keys, you know, just in case...
Posted Jun 4, 2012 4:20 UTC (Mon) by dilinger (subscriber, #2867)
Posted Jun 4, 2012 5:13 UTC (Mon) by raven667 (subscriber, #5198)
Posted Jun 4, 2012 14:34 UTC (Mon) by hummassa (subscriber, #307)
Let me enforce this once again:
So-called "secure" boot is not secure at all.
So-called "secure" boot means ATPM "booting only cryptographically signed binaries". But for any general-purpose computation device be remotely useful, it has to have variable input and output, IOW: somewhere there will be a bug lurking and enabling some sort of exploit by clever manipulation of said IO. Booting only signed binaries does not enhance the security. You don't need Uncle Sam powers to jailbreak iPhones and iPads. At one moment (I assure it, this is still possible) I jailbroke my iPad just by acessing a cleverly-design website. I. e., no need for physical access, if the jailbreak developer was a malware developer, they could have sent a lot of "Caroline Dieckmann nude pics" links via e-mail, twitter and facebook and pwned a lot of iPads and iPhones all around.
So-called "secure" boot means if a key is appropriated by a malware developer, you have a patsy to say "hey, that is Jon's key! Fire him! Sue him!" and CYA.
There is no way -- and there will never be any way, without limiting deeply what computers can do -- to guarantee that all software you have in a computing device is what you think it is and does only what you think it does.
Posted Jun 4, 2012 19:00 UTC (Mon) by raven667 (subscriber, #5198)
Posted Jun 4, 2012 19:21 UTC (Mon) by hummassa (subscriber, #307)
That is *exactly* how iOS boot security works. It only loads cryptographically-signed OS images. I. e., except when it's exploited and then it does not.
> Other systems have implemented this kind of cryptographically protected security, such as the Sony PS3, and have been very resilient in the face of persistant attack. AFAIK the PS3 has only had one successful attack in 5+ years, and that wasn't able to persist on the system, the secure update mechanism remained intact and was able to clean off the exploit and prevent re-exploitation. I would hope that our rockstar Linux devs could build a system at least as resistant to attack as that, if not more so.
Nobody told that to my (still using Linux) PS3.
I repeated over and over, I really don't think that writing a general-purpose OS and computer that resists to attacks and that not would run *any* unsigned code in the time-frame of two years or more is a possible goal.
The timeframe for iDevices jailbreak is usually at most two months after a new version of the bootloader is out (the developers usually keep some of the vulnerabilities on the bootloader secret so when Apple plugs a hole, they have another to exploit). This is exactly what will happen in the case of OS-locked general-purpose computers, if they are as popular as iDevices...
Posted Jun 4, 2012 19:49 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
Boot protection on iDevices is half-hearted at best. Apple doesn't really care about you jailbreaking their hardware.
Now, try to jailbreak XBox360 hypervisor - it's impossible or very close to it.
Posted Jun 4, 2012 20:13 UTC (Mon) by raven667 (subscriber, #5198)
I don't think either of us have enough details to speak intelligently on the subject of iOS boot security, the details matter.
> Nobody told that to my (still using Linux) PS3.
So you are both running Linux and recent games, PSN, etc. or did you just stop updating your machine?
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds