
SUSE and Secure Boot: The Details (SUSE Blog)

Posted Aug 11, 2012 23:13 UTC (Sat) by geofft (subscriber, #59789)
In reply to: SUSE and Secure Boot: The Details (SUSE Blog) by gmaxwell
Parent article: SUSE and Secure Boot: The Details (SUSE Blog)

> "YOU APPEAR TO BE INSTALLING A NEW OPERATING SYSTEM. IF THIS IS WHAT YOU WANTED SAY YES"

We all know that users click "Yes" on anything that looks like it might be a dialog box with a "Yes" button.

Possibly having the BIOS cache the boot sector, and completely refuse to boot if the boot sector is modified, unless they go into the BIOS in advance to say "okay, boot any boot sector once", would be helpful.

It may need to cache the stage 1 bootloader, too, and also the stage 1 bootloader will need to be expected to do checks on the rest of the bootloader and on the kernel, to enforce the property you want that no untrusted code can run with privilege (and then the kernel does checks on the trusted components of userspace).

Of course, that makes it awkward to deliver software updates to the boot sector / stage 1 bootloader. So maybe those things should just have a digital certificate, and you need to go into the BIOS to say "okay, accept any new certificate once", but don't need to go into the BIOS to accept new boot sectors / bootloaders signed by the certificate.

And this is (unintentionally) starting to sound a lot like Secure Boot as actually defined. In fact, I think approximately the only difference is that Microsoft is being so kind as to let other people's code be signed by their certificate (and that Microsoft still has a monopoly over the PC market, so "being so kind" is pretty much the _least_ they could do to not be abusing their monopoly... but in a more competitive market, this seems technically reasonable).
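The policy sketched in this comment (a cached hash of the approved boot sector, a one-shot "boot anything once" knob in the setup menu, and then a trusted certificate so signed updates need no menu trip) can be written down as a small state machine. The following is an added illustration, not code from the commenter or from any firmware; the type and method names, the use of Ed25519 in place of X.509 certificates, and the sample boot images are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Firmware models the boot-time policy described above (hypothetical, for illustration):
// a cached hash of the last-approved boot sector, a set of trusted signing keys, and a
// one-shot override that must be armed from the setup menu before it takes effect.
type Firmware struct {
	cachedHash  [32]byte
	trustedKeys []ed25519.PublicKey
	allowOnce   bool
}

var (
	ErrTampered = errors.New("boot sector changed and carries no trusted signature; refusing to boot")
	ErrNoTrust  = errors.New("key not trusted; arm the one-time override to enroll it")
)

// NewFirmware caches the hash of the boot sector present at first boot.
func NewFirmware(initial []byte) *Firmware {
	return &Firmware{cachedHash: sha256.Sum256(initial)}
}

// ArmOverride is the "okay, boot any boot sector once" knob. It is consumed by
// the next decision that needs it, whether that is a boot or a key enrollment.
func (f *Firmware) ArmOverride() { f.allowOnce = true }

// EnrollKey adds a signing key; like accepting a new certificate, it needs the override.
func (f *Firmware) EnrollKey(pub ed25519.PublicKey) error {
	if !f.allowOnce {
		return ErrNoTrust
	}
	f.allowOnce = false
	f.trustedKeys = append(f.trustedKeys, pub)
	return nil
}

// Boot decides whether image may run. Order matters: the cached image always boots,
// a signed update boots without touching the override, and only an image that is
// neither cached nor signed spends the one-shot override. Approved images become
// the new cached hash, so the next unchanged boot needs no signature check.
func (f *Firmware) Boot(image, sig []byte) error {
	h := sha256.Sum256(image)
	switch {
	case h == f.cachedHash:
		return nil
	case f.signedByTrusted(image, sig):
	case f.allowOnce:
		f.allowOnce = false // the override approves whatever was presented
	default:
		return ErrTampered
	}
	f.cachedHash = h
	return nil
}

func (f *Firmware) signedByTrusted(image, sig []byte) bool {
	for _, k := range f.trustedKeys {
		if ed25519.Verify(k, image, sig) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample images, not real boot sectors.
	v1 := []byte("boot sector v1")
	v2 := []byte("boot sector v2")
	evil := []byte("boot sector v1 + rootkit")

	fw := NewFirmware(v1)
	fmt.Println("unchanged v1:", fw.Boot(v1, nil))           // <nil>
	fmt.Println("modified, unsigned:", fw.Boot(evil, nil))   // ErrTampered
	pub, priv, _ := ed25519.GenerateKey(nil)
	fmt.Println("enroll without override:", fw.EnrollKey(pub)) // ErrNoTrust
	fw.ArmOverride()
	fmt.Println("enroll with override:", fw.EnrollKey(pub)) // <nil>
	fmt.Println("signed v2 update:", fw.Boot(v2, ed25519.Sign(priv, v2))) // <nil>
	fmt.Println("rollback to unsigned v1:", fw.Boot(v1, nil)) // ErrTampered
}
```

Once a key is enrolled, the knob only has to be touched for a new certificate, never for a signed update; the one path the policy cannot help with is the override itself, which approves whatever image happens to be present when the user arms it.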


SUSE and Secure Boot: The Details (SUSE Blog)

Posted Aug 12, 2012 17:00 UTC (Sun) by khim (subscriber, #9252)

> Possibly having the BIOS cache the boot sector, and completely refuse to boot if the boot sector is modified, unless they go into the BIOS in advance to say "okay, boot any boot sector once", would be helpful.

This approach was tried more than a decade ago. It does not work. Either the user knows nothing about BIOS menus (that's the majority of them!) and it only creates needless pressure on the support channel, or s/he has enough knowledge to open the BIOS menu and boot anyway — in which case they WILL open the menu and boot anyway, even on a malware-infected system.

You really don't want to give knobs to normal users. Knobs for some geeks (think ChromeOS devices with a switch under the battery) are OK and in fact can be considered a security feature (it severely reduces the pool of people who want to crack your boot process), but a normal user should never see a "yes/no" message.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds