List Archive: gentoo-dev
Headers:
To: gentoo-dev@g.o
From: Rich Freeman <rich0@g.o>
Subject: Re: Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 13:55:26 -0400
On Sun, Jun 17, 2012 at 1:34 PM, Sascha Cunz <sascha-ml@...> wrote:
>
> Given the fact that the keys in the BIOS must somehow get there and it must
> also be able to update them (how to revoke or add keys else?).

Based on what I've read the keys are stored in flash.  The flash
module itself is protected.  There are a number of ways to implement
something like this fairly securely.  The simplest is to have an
unprotected area of the flash that the OS can write to.  Upon bootup
the firmware looks in this area for a signed message.  If the message
is signed by a trusted source, then the firmware interprets it as
instructions to update itself, add/remove keys, or whatever.  Then
before booting the OS the firmware sets the protect flag on the
protected area of flash that is only unset by a hardware reset.

The only software exploit against something like this is to find a bug
in the code that inspects the flash (overflow/etc) to trick it into
running an unsigned blob.  There are also hardware attacks, like
bypassing flash protection hardware, directly accessing flash, or
controlling what shows up on the data bus when the CPU tries to read
the firmware.  Any of these can be made fairly difficult, an extreme
case being how modern gaming consoles work (flash embedded in CPU, and
so on).

>
> Unless this is completely done in hardware, there must be a software doing it.
> Software can - by design - be reverse engineered; in some countries even
> legally without any further agreement or license.

With the scheme above no software need be distributed that contains
any information useful for anything other than a replay attack.  The
blob would be signed prior to distribution.  You could read the code
that loads it into the flash, but that need not be kept secret.  You
can load whatever you want into the flash and it won't matter unless
it is signed.

If the hardware is fancy enough you could even update settings without
having to reboot, and again unless the hardware isn't done right
you're not going to be able to get around it without tapping
busses/etc.

Rich
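
The scheme described in this message, as an added example that is not part of the original post and not any vendor's firmware code: a model of the boot-time mailbox check, with the signature verified before any field is parsed and the protected area locked before the OS runs. The toy RSA key, the blob layout, the update counter used to reject replayed blobs, and all names are assumptions made for illustration.

```python
import hashlib
import struct

# Constructed toy RSA key (known Mersenne primes): a stand-in signature, NOT secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                              # public modulus, all the firmware needs
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the signer only
SIG_LEN = (N.bit_length() + 7) // 8
HDR = struct.Struct(">QBB")            # update counter, opcode, key length
OP_ADD, OP_REMOVE, MAX_KEY = 1, 2, 64

def _digest(payload):
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")

def vendor_sign(counter, op, key):     # signer side; the blob format is hypothetical
    payload = HDR.pack(counter, op, len(key)) + key
    return payload + pow(_digest(payload), D, N).to_bytes(SIG_LEN, "big")

class Flash:
    def __init__(self):
        self.mailbox = b""                     # unprotected area, writable by the OS
        self.keys, self.counter = set(), 0     # protected: key store, last update number
        self.locked = False                    # protect flag, cleared only by reset
    def set_key(self, key, present):           # every write to the protected area
        if self.locked:
            raise PermissionError("protected flash is locked until reset")
        (self.keys.add if present else self.keys.discard)(key)

def firmware_boot(flash):              # runs after a hardware reset, before the OS
    flash.locked = False
    status = _apply(flash, flash.mailbox) if flash.mailbox else "empty"
    flash.mailbox = b""
    flash.locked = True
    return status

def _apply(flash, blob):
    # Only fixed-size checks touch unsigned bytes; field parsing waits for the signature.
    if not HDR.size + SIG_LEN <= len(blob) <= HDR.size + MAX_KEY + SIG_LEN:
        return "rejected: bad length"
    payload, sig = blob[:-SIG_LEN], int.from_bytes(blob[-SIG_LEN:], "big")
    if sig >= N or pow(sig, E, N) != _digest(payload):
        return "rejected: bad signature"
    counter, op, klen = HDR.unpack_from(payload)
    if klen != len(payload) - HDR.size or op not in (OP_ADD, OP_REMOVE):
        return "rejected: malformed"
    if counter <= flash.counter:
        return "rejected: replay"              # an old signed blob written back
    flash.set_key(payload[HDR.size:], op == OP_ADD)
    flash.counter = counter
    return "applied"
```

The firmware side uses only `N` and `E`, so nothing it carries lets anyone produce a new blob; the counter is what stops an old, validly signed blob from being written back into the mailbox.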




Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Copyright 2001-2013 Gentoo Foundation, Inc.