Brief items
Security
Garrett: PSA: upgrade your LUKS key derivation function
Matthew Garrett points out that many Linux systems using encrypted disks were installed with a relatively weak key derivation function that could make it relatively easy for a well-resourced attacker to break the encryption:
So, in these days of attackers with access to a pile of GPUs, a purely computationally expensive KDF is just not a good choice. And, unfortunately, the subject of this story was almost certainly using one of those. Ubuntu 18.04 used the LUKS1 header format, and the only KDF supported in this format is PBKDF2. This is not a memory expensive KDF, and so is vulnerable to GPU-based attacks. But even so, systems using the LUKS2 header format used to default to argon2i, again not a memory expensive KDF. New versions default to argon2id, which is. You want to be using argon2id.
The article includes instructions on how to (carefully) switch an installed system to a more secure setup.
Security quotes of the week
For modern UEFI systems, the firmware that's launched from the reset vector then reprograms the CPU into a sensible mode (ie, one without all this segmentation bullshit), does things like configure the memory controller so you can actually access RAM (a process which involves using CPU cache as RAM, because programming a memory controller is sufficiently hard that you need to store more state than you can fit in registers alone, which means you need RAM, but you don't have RAM until the memory controller is working, but thankfully the CPU comes with several megabytes of RAM on its own in the form of cache, so phew). It's kind of ugly, but that's a consequence of a bunch of well-understood legacy decisions.— Matthew GarrettExcept. This is not how modern Intel x86 boots. It's far stranger than that. Oh, yes, this is what it looks like is happening, but there's a bunch of stuff going on behind the scenes. Let's talk about boot security. The idea of any form of verified boot (such as UEFI Secure Boot) is that a signature on the next component of the boot chain is validated before that component is executed. But what verifies the first component in the boot chain? You can't simply ask the BIOS to verify itself - if an attacker can replace the BIOS, they can replace it with one that simply lies about having done so. Intel's solution to this is called Boot Guard.
But before we get to Boot Guard, we need to ensure the CPU is running in as bug-free a state as possible. So, when the CPU starts up, it examines the system flash and looks for a header that points at CPU microcode updates. Intel CPUs ship with built-in microcode, but it's frequently old and buggy and it's up to the system firmware to include a copy that's new enough that it's actually expected to work reliably. The microcode image is pulled out of flash, a signature is verified, and the new microcode starts running. This is true in both the Boot Guard and the non-Boot Guard scenarios. But for Boot Guard, before jumping to the reset vector, the microcode on the CPU reads an Authenticated Code Module (ACM) out of flash and verifies its signature against a hardcoded Intel key. If that checks out, it starts executing the ACM. Now, bear in mind that the CPU can't just verify the ACM and then execute it directly from flash - if it did, the flash could detect this, hand over a legitimate ACM for the verification, and then feed the CPU different instructions when it reads them again to execute them (a Time of Check vs Time of Use, or TOCTOU, vulnerability). So the ACM has to be copied onto the CPU before it's verified and executed, which means we need RAM, which means the CPU already needs to know how to configure its cache to be used as RAM.
It appears that a major problem here is that collectively we are unwilling to make any substantial investment in effective defence or deterrence. The systems that we use on the Internet are overly trusting to the point of irrational credulity. For example, the public key certification system used to secure web-based transactions is repeatedly demonstrated to be entirety untrustworthy, yet that's all we trust. Personal data is continually breached and leaked, yet all we seem to want to do is increase the number and complexity of regulations rather than actually use better tools that would effectively protect users.— Geoff Huston in a lengthy reflection on internet history—and its future
It's not just Congressdunderheads and Tiktok CEOs who treat "don't spy on under-13s" as a synonym for "don't let under-13s use this service." Every tech product designer and every general counsel at every tech company treats these two propositions as equivalent, because they are literally incapable of imagining a surveillance-free online service.— Cory Doctorow
Kernel development
Kernel release status
The current development kernel is 6.3-rc7, released on April 16. Linus said: "Let's hope we have just one more calm week, and we'll have had a nice uneventful release cycle. Knock wood".
Stable updates: 6.2.11, 6.1.24, and 5.15.107 were released on April 13.
The 6.2.12, 6.1.25, 5.15.108, 5.10.178, 5.4.241, 4.19.281, and 4.14.313 stable updates are in the review process. They are due on April 20, but some of them have been through enough release candidates that it would not be surprising to see them come out a bit later.
Quotes of the week
random rant, or what is my job as maintainer— Daniel Vetterit's not ensuring perfect code, it's building communities to keep the code alive and let it evolve
and very often the best option for that is to merge the "kinda shitty, but exists" code right now
Linus fixes a dishwasher and posts about it. As a result, my PostgreSQL database falls over.— Konstantin Ryabitsev
The concept of proper hardware/software co-design, which was postulated at least 40 years ago, is still either unknown or in its infancy at the vast majority of silicon vendors including my own employer.— Thomas GleixnerThe main concept is still to throw hardware/firmware over the fence and let software folks deal with it. That's a complete disaster and paves the way to death by complexity and unmaintainability.
As a consequence the only way for a responsible kernel maintainer is to question the design at the point where patches are posted. Therefore it's not unreasonable to ask for a rationale and concise technical arguments at that point.
Distributions
Fedora 38 released
The Fedora 38 release is available. Fedora has mostly moved past its old pattern of late releases, but it's still a bit surprising that this release came out one week ahead of the scheduled date. Some of the changes in this release, including reduced shutdown timeouts and frame pointers have been covered here in the past; see the announcement and the Workstation-edition "what's new" post for details on the rest.
If you want to use Fedora Linux on your mobile device, F38 introduces a Phosh image. Phosh is a Wayland shell for mobile devices based on Gnome. This is an early effort from our Mobility SIG. If your device isn’t supported yet, we welcome your contributions!
An openSUSE ALP status update
Richard Brown has posted an update on the status of the SUSE Adaptable Linux Platform (ALP) project and what it means for the openSUSE distribution.
The ALP concept should be flexible enough that these openSUSE Products will be able to leverage all the stuff SUSE is doing for SUSE's ALP Products, but then we (community) can add anything we want. If we find it is not flexible enough, then we (SUSE) will work to adapt it to make it possible for the community to build what it wants.So, if we the community want to build something like old Leap, that should be totally technically feasible.
The rebooting of Solus Linux
The desktop-oriented Solus distribution has been through a difficult period; this post describes the extensive changes that have been made in response.
Notably, innovation in the Linux ecosystem is presently centered around the use of application sandboxing, containers and the development of immutable operating systems with a well understood Software Bill of Materials. Each of these concepts allow for a degree of separation and stability when developing, testing and certifying software and products.The current Solus tooling, as well as the resulting packaging and development experience, is somewhat ill-suited to this objective and would most likely need a wholesale re-engineering of the tools before this becomes feasible.
However, there is a more straightforward path for Solus: Rebasing onto Serpent OS.
Development
New release: digiKam 8.0.0
The digiKam photo-management tool has announced its 8.0.0 release, after two years of development, bug fixing, and testing. Major new features include a documentation overhaul (with a new web site), support for more file formats, a new optical character recognition (OCR) tool, improved metadata handling, a neural-net-based image quality classifier, better integration with G'MIC-Qt, a Qt6-compatible code base, and lots more. See the announcement for all the details.LXD 5.13 released
Version 5.13 of the LXD virtual-machine manager has been released. New features include fast live migration, support for AMD's secure enclaves, and more. See this announcement for details.
Miscellaneous
Duffy: Run an open source-powered virtual conference!
On her blog, Máirín Duffy writes about using open-source software to run a virtual conference. The Fedora design team recently ran the first Creative Freedom Summit as a virtual conference for FOSS creative tools. The team could have used the same non-open-source platform that is used by the Flock Fedora conference, but took a different path:Using Matrix's Element client, we embedded the live stream video and an Etherpad into a public Matrix room for the conference. We used attendance in the channel to monitor overall conference attendance. We had live chat going throughout the conference and took questions from audience members both from the chat and the embedded Q&A Etherpad.
Back in 2020, the Linux Plumbers Conference also put together a virtual conference using free software, as did LibrePlanet and likely others.
Page editor: Jake Edge
Next page:
Announcements>>