OpenBSD kernel address randomized link
Posted Jul 13, 2017 12:03 UTC (Thu) by matthias (subscriber, #94967)
In reply to: OpenBSD kernel address randomized link by dskoll
Parent article: OpenBSD kernel address randomized link
For secure boot I would design something like a boot loader and linker (as opposed to just a boot loader). In this scenario, a kernel is a signed tar.gz (or something equivalent) containing a bunch of .o files. The boot loader and linker would
- be signed itself (signature verified by secure boot)
- check the signature of the kernel
- untar the kernel
- link the kernel
- execute the kernel
Probably this can be achieved with some initramfs and the kexec mechanism. To avoid some overhead (and problems with kexec not always being available), one could implement a grub module. Actually, this is roughly what I was thinking of when starting to read the article.
There could be one additional problem: Where to get good random data in very early boot? Apart from this problem, my solution should be cleaner. E.g., it would also work for embedded systems without writable permanent storage. However, it will be more work to implement.
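The verify / untar / link / execute pipeline sketched in the comment above, as an added toy model (example code written for this page, not from the comment author, LWN or OpenBSD). It assumes an HMAC-SHA256 tag as a stand-in for the asymmetric signature a real secure-boot chain would check, JSON-described objects (size, defined symbols, relocation sites) instead of real ELF .o files, and random.SystemRandom as the stand-in for the early-boot entropy source the comment worries about. The names (pack_kernel, untar_kernel, link, boot, SAMPLE_KERNEL) and the kernel base address are constructed for the example.

```python
import hashlib
import hmac
import io
import json
import random
import tarfile

# Constructed demo key: HMAC stands in for the signature secure boot would verify.
BOOT_KEY = b"constructed-demo-key-not-for-real-use"
LINK_BASE = 0xFFFFFFFF80000000  # assumed kernel virtual base, constructed
ALIGN = 16


def sign(blob: bytes, key: bytes = BOOT_KEY) -> bytes:
    return hmac.new(key, blob, hashlib.sha256).digest()


def verify(blob: bytes, sig: bytes, key: bytes = BOOT_KEY) -> bool:
    return hmac.compare_digest(sign(blob, key), sig)


def pack_kernel(objects: dict) -> bytes:
    """Build the signed-later tar.gz: one JSON member per toy object file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in sorted(objects):
            data = json.dumps(objects[name]).encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def untar_kernel(blob: bytes) -> dict:
    """Step 'untar the kernel': read the object descriptions back out of the archive."""
    objects = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile() or not member.name.endswith(".o"):
                continue  # ignore anything that is not an object file
            objects[member.name] = json.loads(tar.extractfile(member).read())
    return objects


def link(objects: dict, rng, base: int = LINK_BASE) -> dict:
    """Step 'link the kernel': place objects in a random order and resolve symbols.

    Offsets inside one object never change; absolute addresses and the distance
    between objects differ on every boot, which is what the randomized link buys.
    """
    order = sorted(objects)
    rng.shuffle(order)  # the randomization: a fresh object order per boot
    bases, symbols, cursor = {}, {}, base
    for name in order:
        bases[name] = cursor
        for sym, off in objects[name]["defines"].items():
            if sym in symbols:
                raise ValueError(f"duplicate symbol {sym}")
            symbols[sym] = cursor + off
        cursor += (objects[name]["size"] + ALIGN - 1) // ALIGN * ALIGN
    # Relocation pass: every reference site is patched with its target's address.
    patches = {}
    for name in order:
        for off, sym in objects[name]["relocs"]:
            if sym not in symbols:
                raise ValueError(f"undefined symbol {sym} referenced from {name}")
            patches[(name, off)] = symbols[sym]
    return {"order": order, "bases": bases, "symbols": symbols,
            "patches": patches, "end": cursor}


def boot(blob: bytes, sig: bytes, key: bytes = BOOT_KEY, rng=None) -> dict:
    """The boot-loader-and-linker: verify first, untar and link only on success."""
    if not verify(blob, sig, key):
        raise ValueError("kernel signature check failed; refusing to untar or link")
    if rng is None:
        rng = random.SystemRandom()  # stand-in for the early-boot entropy source
    return link(untar_kernel(blob), rng)


# Constructed sample kernel: four toy objects with symbols and cross-object references.
SAMPLE_KERNEL = {
    "init.o": {"size": 0x120, "defines": {"start": 0x0, "init_main": 0x40},
               "relocs": [[0x48, "vm_init"], [0x60, "sched_start"]]},
    "vm.o": {"size": 0x300, "defines": {"vm_init": 0x0, "pmap_enter": 0x80},
             "relocs": [[0x20, "panic"]]},
    "sched.o": {"size": 0x1C0, "defines": {"sched_start": 0x10},
                "relocs": [[0x30, "pmap_enter"]]},
    "lib.o": {"size": 0x90, "defines": {"panic": 0x0}, "relocs": []},
}


def demo(seed=None):
    """Sign and boot the sample kernel; also show that a tampered archive is refused."""
    blob = pack_kernel(SAMPLE_KERNEL)
    sig = sign(blob)
    rng = random.Random(seed) if seed is not None else None
    layout = boot(blob, sig, rng=rng)
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])
    try:
        boot(tampered, sig, rng=rng)
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True
    return layout, tampered_rejected


if __name__ == "__main__":
    layout, rejected = demo()
    for name in layout["order"]:
        print(f"{name:8s} @ {layout['bases'][name]:#x}")
    print("tampered archive rejected:", rejected)
```

Running it twice prints a different object order each time while the offset of each symbol relative to its object stays fixed; passing a seed to demo() makes the layout reproducible for testing. The signature check deliberately sits before the untar step, so a corrupted or substituted archive never reaches the linker, let alone execution.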
Posted Jul 13, 2017 17:34 UTC (Thu) by Nahor (subscriber, #51583)
I think the kernel already has a linker (for modules).
DAX would be an issue though.
All that said, the solution seems so obvious that I'm sure I'm missing something critical...
OpenBSD kernel address randomized link
And this also works for IoT devices, where the filesystem is likely RO.