Re: Trusted kernel patchset

From: One Thousand Gnomes
Date: Mon Mar 16 2015 - 16:07:36 EST

Next message: Tony Lindgren: "Re: [RFC PATCH] dts: Add am335x-wega-rdk.dtb sources for phyBOARD-Wega-AM335x"
Previous message: Chris Metcalf: "Re: [PATCH 1/3] tile/elf: reorganize notify_exec()"
In reply to: Matthew Garrett: "Re: Trusted kernel patchset"
Next in thread: David Lang: "Re: Trusted kernel patchset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > Also the boot loader should be measuring the kernel before it runs it,
> > thats how it knows the signature is correct.
>
> That's one implementation. Another is the kernel being stored on
> non-volatile media.

Same thing. One is just an optimisation ("const") 8)

> form of trusted boot chain can enable the lockdowns while still within
> the trusted codebase. If you want to prove trustworthiness then you're
> still going to need something like TPM-based attestation.

Makes sense.

On hibernate I think eventually it has to come down to the bootloader
and TPM signatures but to an extent it depends if you are getting into
the territory of protecting a machine from its supposed owner, or just
from passing malware.

> > What you don't document is the assumption about how the kernel boot
> > parameters are handled. A large number of boot parameters allow arbitrary
> > I/O access or allow code execution if used with skill and cunning.
>
> Things that spring to mind here:

Ok I was more assuming it was going to be "the bootloader only allows you
to do ..."

> 1) The ability to disable IOMMUs (some handwaving about the number of
> machines that still don't have IOMMUs because security is a perfectly
> reasonable thing to perform product differentiation on I guess?)
> 2) Your previous concerns about being able to manipulate the memory map
> in hostile ways
> 3) Drivers that allow users to tell the kernel devices exist at
> arbitrary memory addresses and then benefit from probe routines that
> write blindly

That's the main one

4) firewire and other interfaces that allow you to leave debug features
enabled. Firewire is the obvious one to me.

5) Manipulating firmware (acpi table replacements, alternative and extra
devicetree nodes etc)

> especially worried about in category (3) are the earlyprintk ones, but
> obviously there's a bunch of old drivers that allow arbitrary addresses
> to be passed and cleaning those up would be worth it.

When you get to devicetree or non x86 stuff there are quite a few modern
ones that do pretty much the same I think.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tony Lindgren: "Re: [RFC PATCH] dts: Add am335x-wega-rdk.dtb sources for phyBOARD-Wega-AM335x"
Previous message: Chris Metcalf: "Re: [PATCH 1/3] tile/elf: reorganize notify_exec()"
In reply to: Matthew Garrett: "Re: Trusted kernel patchset"
Next in thread: David Lang: "Re: Trusted kernel patchset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]