As it should.
Implementing UEFI Secure Boot in Fedora
Posted Jun 2, 2012 16:25 UTC (Sat) by micka (subscriber, #38720)
I suppose we won't agree on this.
This equates "malware" with "unsigned software", while it's trivially false.
Posted Jun 2, 2012 17:25 UTC (Sat) by mjg59 (subscriber, #23239)
Posted Jun 2, 2012 17:33 UTC (Sat) by micka (subscriber, #38720)
Posted Jun 2, 2012 17:36 UTC (Sat) by mjg59 (subscriber, #23239)
Posted Jun 2, 2012 17:59 UTC (Sat) by micka (subscriber, #38720)
That's the same reasoning.
Posted Jun 2, 2012 18:02 UTC (Sat) by mjg59 (subscriber, #23239)
Posted Jun 2, 2012 23:42 UTC (Sat) by hummassa (subscriber, #307)
I can be an authorized developer and erroneously sign a piece of software that contains some malware. Typical cases being disgruntled employers pushing vulnerabilities obfuscated in source code, and another example being the development/deployment machine being infected and infecting all generated executables prior to signing -- this way the malware is always present and always signed.
> If you can mechanically distinguish between unsigned malware and unsigned white hat software, I suspect there's a very big bag of money waiting for you somewhere.
There is no way (signatures or not) to distinguish malware from white hat software. It's an undecidable problem even to be solved by humans. The referred bag of money will stay put for a loooooooooong time.
Posted Jun 3, 2012 0:19 UTC (Sun) by Cyberax (✭ supporter ✭, #52523)
In reality, Windows malware is very rarely signed (literally only in single cases) because it provides a traceable link to the developer.
Posted Jun 3, 2012 2:56 UTC (Sun) by hummassa (subscriber, #307)
> , Duqu and Flame are not normal, everyday malware, of course. All three of them were most likely developed by a Western intelligence agency as part of covert operations that weren’t meant to be discovered. The fact that the malware evaded detection proves how well the attackers did their job. In the case of Stuxnet and DuQu, they used digitally signed components to make their malware appear to be trustworthy applications. And instead of trying to protect their code with custom packers and obfuscation engines—which might have drawn suspicion to them—they hid in plain sight. In the case of Flame, the attackers used SQLite, SSH, SSL and LUA libraries that made the code look more like a business database system than a piece of malware.
Read it at http://arstechnica.com/security/2012/06/why-antivirus-com...
Posted Jun 3, 2012 13:30 UTC (Sun) by Cyberax (✭ supporter ✭, #52523)
Most of malware is still unsigned (and that's not likely to change).
Posted Jun 4, 2012 0:13 UTC (Mon) by hummassa (subscriber, #307)
What is not likely to change is that malware will exist and will infect a lot of our computers just like it does today. And cryptographically signing code does absolutely nothing to stop that. Why? Because if every software have to be signed to run, all malware will get signed. Even if the OS refuse to run a single non-signed bit of code, malware will still exist. The stuxnet & friends example I gave were a cautionary tale. There is malware in a lot of signed-only software platforms.
The only thing signed-only platforms bring to the software world is that it turns much more easy to get a scapegoat. No fool will sign malware with his own signature, but it's always good to steal your bosses and coworkers' private keys, you know, just in case...
Posted Jun 4, 2012 4:20 UTC (Mon) by dilinger (subscriber, #2867)
Posted Jun 4, 2012 5:13 UTC (Mon) by raven667 (subscriber, #5198)
Posted Jun 4, 2012 14:34 UTC (Mon) by hummassa (subscriber, #307)
Let me enforce this once again:
So-called "secure" boot is not secure at all.
So-called "secure" boot means ATPM "booting only cryptographically signed binaries". But for any general-purpose computation device be remotely useful, it has to have variable input and output, IOW: somewhere there will be a bug lurking and enabling some sort of exploit by clever manipulation of said IO. Booting only signed binaries does not enhance the security. You don't need Uncle Sam powers to jailbreak iPhones and iPads. At one moment (I assure it, this is still possible) I jailbroke my iPad just by acessing a cleverly-design website. I. e., no need for physical access, if the jailbreak developer was a malware developer, they could have sent a lot of "Caroline Dieckmann nude pics" links via e-mail, twitter and facebook and pwned a lot of iPads and iPhones all around.
So-called "secure" boot means if a key is appropriated by a malware developer, you have a patsy to say "hey, that is Jon's key! Fire him! Sue him!" and CYA.
There is no way -- and there will never be any way, without limiting deeply what computers can do -- to guarantee that all software you have in a computing device is what you think it is and does only what you think it does.
Posted Jun 4, 2012 19:00 UTC (Mon) by raven667 (subscriber, #5198)
Posted Jun 4, 2012 19:21 UTC (Mon) by hummassa (subscriber, #307)
That is *exactly* how iOS boot security works. It only loads cryptographically-signed OS images. I. e., except when it's exploited and then it does not.
> Other systems have implemented this kind of cryptographically protected security, such as the Sony PS3, and have been very resilient in the face of persistant attack. AFAIK the PS3 has only had one successful attack in 5+ years, and that wasn't able to persist on the system, the secure update mechanism remained intact and was able to clean off the exploit and prevent re-exploitation. I would hope that our rockstar Linux devs could build a system at least as resistant to attack as that, if not more so.
Nobody told that to my (still using Linux) PS3.
I repeated over and over, I really don't think that writing a general-purpose OS and computer that resists to attacks and that not would run *any* unsigned code in the time-frame of two years or more is a possible goal.
The timeframe for iDevices jailbreak is usually at most two months after a new version of the bootloader is out (the developers usually keep some of the vulnerabilities on the bootloader secret so when Apple plugs a hole, they have another to exploit). This is exactly what will happen in the case of OS-locked general-purpose computers, if they are as popular as iDevices...
Posted Jun 4, 2012 19:49 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
Boot protection on iDevices is half-hearted at best. Apple doesn't really care about you jailbreaking their hardware.
Now, try to jailbreak XBox360 hypervisor - it's impossible or very close to it.
Posted Jun 4, 2012 20:13 UTC (Mon) by raven667 (subscriber, #5198)
I don't think either of us have enough details to speak intelligently on the subject of iOS boot security, the details matter.
> Nobody told that to my (still using Linux) PS3.
So you are both running Linux and recent games, PSN, etc. or did you just stop updating your machine?
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds