linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Read-protected UEFI variables
@ 2018-02-14 12:52 Benjamin Drung
  2018-02-14 13:09 ` Ard Biesheuvel
  0 siblings, 1 reply; 8+ messages in thread
From: Benjamin Drung @ 2018-02-14 12:52 UTC (permalink / raw)
  To: Matthew Garrett, Jeremy Kerr, Matt Fleming, linux-efi, linux-kernel

Hi,

I am exploring the possibility to store SSH and other keys in UEFI
variables for systems that do not have persistent storage. These
systems boot via network and need individual SSH keys which ideally
should not be distributed via network.

The plan is to write a small daemon that starts at boot and gets the
SSH keys from EFI variables to individualize the system with SSH keys. 
I plan to release the code as free software. Simple proof-of-concept
code:

mount -t efivarfs none /sys/firmware/efi/efivars
for key in ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_rsa_key; do
  dd ibs=1 skip=4 if=/sys/firmware/efi/efivars/${key}-89df11f4-38e6-473e-ab43-b4406b76fba9 of=/etc/ssh/$key
done

I am not the first person having the idea to use UEFI variables to
store keys:
https://www.usenix.org/conference/srecon17asia/program/presentation/korgachin

There is one problem: The keys should be readable only by root. When
mounting efivarfs, all variables have the permission 644 which makes
them readable by all users. I have different ideas how to solve it:

1) Hard-code a list of GUIDs that should be only readable by root in
the kernel module. These modules would also be not set to immutable.

2) Instead of hard-coding GUIDs, add a kernel module parameter to
specify the GUIDs. Maybe have a default list in the kernel module.

3) Add a mount option to specify the protected GUIDs.

Feedback is welcome.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Email: benjamin.drung@profitbricks.com
URL: https://www.profitbricks.de

Sitz der Gesellschaft: Berlin
Registergericht: Amtsgericht Charlottenburg, HRB 125506 B
Geschäftsführer: Achim Weiss, Matthias Steinberg

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Read-protected UEFI variables
  2018-02-14 12:52 Read-protected UEFI variables Benjamin Drung
@ 2018-02-14 13:09 ` Ard Biesheuvel
  2018-02-14 13:21   ` Benjamin Drung
  0 siblings, 1 reply; 8+ messages in thread
From: Ard Biesheuvel @ 2018-02-14 13:09 UTC (permalink / raw)
  To: Benjamin Drung
  Cc: Matthew Garrett, Jeremy Kerr, Matt Fleming, linux-efi,
	Linux Kernel Mailing List

On 14 February 2018 at 12:52, Benjamin Drung
<benjamin.drung@profitbricks.com> wrote:
> Hi,
>
> I am exploring the possibility to store SSH and other keys in UEFI
> variables for systems that do not have persistent storage. These
> systems boot via network and need individual SSH keys which ideally
> should not be distributed via network.
>
> The plan is to write a small daemon that starts at boot and gets the
> SSH keys from EFI variables to individualize the system with SSH keys.
> I plan to release the code as free software. Simple proof-of-concept
> code:
>
> mount -t efivarfs none /sys/firmware/efi/efivars
> for key in ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_rsa_key; do
>   dd ibs=1 skip=4 if=/sys/firmware/efi/efivars/${key}-89df11f4-38e6-473e-ab43-b4406b76fba9 of=/etc/ssh/$key
> done
>
> I am not the first person having the idea to use UEFI variables to
> store keys:
> https://www.usenix.org/conference/srecon17asia/program/presentation/korgachin
>
> There is one problem: The keys should be readable only by root. When
> mounting efivarfs, all variables have the permission 644 which makes
> them readable by all users. I have different ideas how to solve it:
>
> 1) Hard-code a list of GUIDs that should be only readable by root in
> the kernel module. These modules would also be not set to immutable.
>
> 2) Instead of hard-coding GUIDs, add a kernel module parameter to
> specify the GUIDs. Maybe have a default list in the kernel module.
>
> 3) Add a mount option to specify the protected GUIDs.
>
> Feedback is welcome.
>

I'd consider a patch that makes the permissions a mount option for
efivarfs, applying to all variables. The reason is that these
variables shouldn't have been world readable in the first place, and I
am reluctant to make this overly complex.

On the other hand, you should realize that UEFI was never designed to
keep secrets, and so whether it is a good idea to put secrets in UEFI
variables to begin with is dubious IMHO.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Read-protected UEFI variables
  2018-02-14 13:09 ` Ard Biesheuvel
@ 2018-02-14 13:21   ` Benjamin Drung
  2018-02-14 18:18     ` Môshe van der Sterre
                       ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Benjamin Drung @ 2018-02-14 13:21 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Matthew Garrett, Jeremy Kerr, Matt Fleming, linux-efi,
	Linux Kernel Mailing List

Am Mittwoch, den 14.02.2018, 13:09 +0000 schrieb Ard Biesheuvel:
> On 14 February 2018 at 12:52, Benjamin Drung
> <benjamin.drung@profitbricks.com> wrote:
> > Hi,
> > 
> > I am exploring the possibility to store SSH and other keys in UEFI
> > variables for systems that do not have persistent storage. These
> > systems boot via network and need individual SSH keys which ideally
> > should not be distributed via network.
> > 
> > The plan is to write a small daemon that starts at boot and gets
> > the
> > SSH keys from EFI variables to individualize the system with SSH
> > keys.
> > I plan to release the code as free software. Simple proof-of-
> > concept
> > code:
> > 
> > mount -t efivarfs none /sys/firmware/efi/efivars
> > for key in ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_rsa_key; do
> >   dd ibs=1 skip=4 if=/sys/firmware/efi/efivars/${key}-89df11f4-
> > 38e6-473e-ab43-b4406b76fba9 of=/etc/ssh/$key
> > done
> > 
> > I am not the first person having the idea to use UEFI variables to
> > store keys:
> > https://www.usenix.org/conference/srecon17asia/program/presentation
> > /korgachin
> > 
> > There is one problem: The keys should be readable only by root.
> > When
> > mounting efivarfs, all variables have the permission 644 which
> > makes
> > them readable by all users. I have different ideas how to solve it:
> > 
> > 1) Hard-code a list of GUIDs that should be only readable by root
> > in
> > the kernel module. These modules would also be not set to
> > immutable.
> > 
> > 2) Instead of hard-coding GUIDs, add a kernel module parameter to
> > specify the GUIDs. Maybe have a default list in the kernel module.
> > 
> > 3) Add a mount option to specify the protected GUIDs.
> > 
> > Feedback is welcome.
> > 
> 
> I'd consider a patch that makes the permissions a mount option for
> efivarfs, applying to all variables. The reason is that these
> variables shouldn't have been world readable in the first place, and
> I
> am reluctant to make this overly complex.

Having some variables (like the BootXXXX and BootOrder variables) world
readable is useful. This allows normal users to run 'efibootmgr' to
display the boot options.

> On the other hand, you should realize that UEFI was never designed to
> keep secrets, and so whether it is a good idea to put secrets in UEFI
> variables to begin with is dubious IMHO.

If the UEFI is as secure as storing an unencrypted file on a hard
drive, I am satisfied. Or do you have a better idea where to store the
SSH keys for a diskless system that boots via network?

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Email: benjamin.drung@profitbricks.com
URL: https://www.profitbricks.de

Sitz der Gesellschaft: Berlin
Registergericht: Amtsgericht Charlottenburg, HRB 125506 B
Geschäftsführer: Achim Weiss, Matthias Steinberg

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Read-protected UEFI variables
  2018-02-14 13:21   ` Benjamin Drung
@ 2018-02-14 18:18     ` Môshe van der Sterre
  2018-02-14 19:05       ` Benjamin Drung
  2018-02-14 20:33     ` Austin S. Hemmelgarn
  2018-02-19 20:24     ` Alan Cox
  2 siblings, 1 reply; 8+ messages in thread
From: Môshe van der Sterre @ 2018-02-14 18:18 UTC (permalink / raw)
  To: Benjamin Drung; +Cc: Ard Biesheuvel, linux-efi, Linux Kernel Mailing List

[-- Attachment #1: Type: text/plain, Size: 537 bytes --]

On 02/14/2018 02:21 PM, Benjamin Drung wrote:
> If the UEFI is as secure as storing an unencrypted file on a hard
> drive, I am satisfied. Or do you have a better idea where to store the
> SSH keys for a diskless system that boots via network?
I assume it would be best to use TPM for this (if your systems have TPM chips), it is designed for use-cases like this. Searching for "tpm ssh keys" gives a decent amount of results. Mostly targeted at user keys instead of server keys, so this might need some tinkering to get working.


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 3691 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Read-protected UEFI variables
  2018-02-14 18:18     ` Môshe van der Sterre
@ 2018-02-14 19:05       ` Benjamin Drung
  0 siblings, 0 replies; 8+ messages in thread
From: Benjamin Drung @ 2018-02-14 19:05 UTC (permalink / raw)
  To: Môshe van der Sterre
  Cc: Ard Biesheuvel, linux-efi, Linux Kernel Mailing List

Am Mittwoch, den 14.02.2018, 19:18 +0100 schrieb Môshe van der Sterre:
> On 02/14/2018 02:21 PM, Benjamin Drung wrote:
> > If the UEFI is as secure as storing an unencrypted file on a hard
> > drive, I am satisfied. Or do you have a better idea where to store
> > the
> > SSH keys for a diskless system that boots via network?
> 
> I assume it would be best to use TPM for this (if your systems have
> TPM chips), it is designed for use-cases like this. Searching for
> "tpm ssh keys" gives a decent amount of results. Mostly targeted at
> user keys instead of server keys, so this might need some tinkering
> to get working.

I check our systems. They just have TPM headers, but no TPM chips
according to the user manual. The directory /sys/class/tpm/ is either
empty or not existing. Adding TPM chips to all servers is no too
expensive (to much man power required). So sadly, this is no option for
us.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Email: benjamin.drung@profitbricks.com
URL: https://www.profitbricks.de

Sitz der Gesellschaft: Berlin
Registergericht: Amtsgericht Charlottenburg, HRB 125506 B
Geschäftsführer: Achim Weiss, Matthias Steinberg

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Read-protected UEFI variables
  2018-02-14 13:21   ` Benjamin Drung
  2018-02-14 18:18     ` Môshe van der Sterre
@ 2018-02-14 20:33     ` Austin S. Hemmelgarn
  2018-02-15 19:04       ` Ard Biesheuvel
  2018-02-19 20:24     ` Alan Cox
  2 siblings, 1 reply; 8+ messages in thread
From: Austin S. Hemmelgarn @ 2018-02-14 20:33 UTC (permalink / raw)
  To: Benjamin Drung
  Cc: Ard Biesheuvel, Matthew Garrett, Jeremy Kerr, Matt Fleming,
	linux-efi, Linux Kernel Mailing List

On 2018-02-14 08:21, Benjamin Drung wrote:
> Am Mittwoch, den 14.02.2018, 13:09 +0000 schrieb Ard Biesheuvel:
>> On 14 February 2018 at 12:52, Benjamin Drung
>> <benjamin.drung@profitbricks.com> wrote:
>>> Hi,
>>>
>>> I am exploring the possibility to store SSH and other keys in UEFI
>>> variables for systems that do not have persistent storage. These
>>> systems boot via network and need individual SSH keys which ideally
>>> should not be distributed via network.
>>>
>>> The plan is to write a small daemon that starts at boot and gets
>>> the
>>> SSH keys from EFI variables to individualize the system with SSH
>>> keys.
>>> I plan to release the code as free software. Simple proof-of-
>>> concept
>>> code:
>>>
>>> mount -t efivarfs none /sys/firmware/efi/efivars
>>> for key in ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_rsa_key; do
>>>    dd ibs=1 skip=4 if=/sys/firmware/efi/efivars/${key}-89df11f4-
>>> 38e6-473e-ab43-b4406b76fba9 of=/etc/ssh/$key
>>> done
>>>
>>> I am not the first person having the idea to use UEFI variables to
>>> store keys:
>>> https://www.usenix.org/conference/srecon17asia/program/presentation
>>> /korgachin
>>>
>>> There is one problem: The keys should be readable only by root.
>>> When
>>> mounting efivarfs, all variables have the permission 644 which
>>> makes
>>> them readable by all users. I have different ideas how to solve it:
>>>
>>> 1) Hard-code a list of GUIDs that should be only readable by root
>>> in
>>> the kernel module. These modules would also be not set to
>>> immutable.
>>>
>>> 2) Instead of hard-coding GUIDs, add a kernel module parameter to
>>> specify the GUIDs. Maybe have a default list in the kernel module.
>>>
>>> 3) Add a mount option to specify the protected GUIDs.
>>>
>>> Feedback is welcome.
>>>
>>
>> I'd consider a patch that makes the permissions a mount option for
>> efivarfs, applying to all variables. The reason is that these
>> variables shouldn't have been world readable in the first place, and
>> I
>> am reluctant to make this overly complex.
> 
> Having some variables (like the BootXXXX and BootOrder variables) world
> readable is useful. This allows normal users to run 'efibootmgr' to
> display the boot options.
Some variables maybe (ISTR variables for things like the system 
time-zone or the firmware locale settings, which _might_ be useful), but 
I would say the boot variables are not on that list.  The only practical 
application for a regular (non-root) user to read those variables is to 
gather info for an attack on the system.  Anybody who legitimately needs 
to access them (either for debugging the boot process, or changing the 
boot options) should have administrative access to the system anyway, 
and even then they will usually not need to read them.

In fact, most of the UEFI variables fall into the same category, but 
even more so, userspace has no legitimate reason to need to read them. 
You can get an absolutely insane amount of info out of them on some 
systems, most of which is a gold-mine for potential attackers.  For the 
handful that may actually be useful to userspace, most would be needed 
only during system startup, and thus could safely be made readable by 
root only.
> 
>> On the other hand, you should realize that UEFI was never designed to
>> keep secrets, and so whether it is a good idea to put secrets in UEFI
>> variables to begin with is dubious IMHO.
> 
> If the UEFI is as secure as storing an unencrypted file on a hard
> drive, I am satisfied. Or do you have a better idea where to store the
> SSH keys for a diskless system that boots via network?
> 
There really isn't any other option unless you're willing to put a small 
amount of flash storage in the system somehow (maybe a small USB flash 
drive connected directly to a USB header inside the system?).  As far as 
the security of UEFI variables, the same limitations as storing the data 
on an unencrypted hard drive apply, with the addition that it's much 
easier to get at them through stuff like Intel's AMT or IPMI than it is 
to read data off of the hard drive.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Read-protected UEFI variables
  2018-02-14 20:33     ` Austin S. Hemmelgarn
@ 2018-02-15 19:04       ` Ard Biesheuvel
  0 siblings, 0 replies; 8+ messages in thread
From: Ard Biesheuvel @ 2018-02-15 19:04 UTC (permalink / raw)
  To: Austin S. Hemmelgarn
  Cc: Benjamin Drung, Matthew Garrett, Jeremy Kerr, Matt Fleming,
	linux-efi, Linux Kernel Mailing List

FYI https://marc.info/?l=linux-efi&m=151871896117989&w=2


On 14 February 2018 at 20:33, Austin S. Hemmelgarn <ahferroin7@gmail.com> wrote:
> On 2018-02-14 08:21, Benjamin Drung wrote:
>>
>> Am Mittwoch, den 14.02.2018, 13:09 +0000 schrieb Ard Biesheuvel:
>>>
>>> On 14 February 2018 at 12:52, Benjamin Drung
>>> <benjamin.drung@profitbricks.com> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I am exploring the possibility to store SSH and other keys in UEFI
>>>> variables for systems that do not have persistent storage. These
>>>> systems boot via network and need individual SSH keys which ideally
>>>> should not be distributed via network.
>>>>
>>>> The plan is to write a small daemon that starts at boot and gets
>>>> the
>>>> SSH keys from EFI variables to individualize the system with SSH
>>>> keys.
>>>> I plan to release the code as free software. Simple proof-of-
>>>> concept
>>>> code:
>>>>
>>>> mount -t efivarfs none /sys/firmware/efi/efivars
>>>> for key in ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_rsa_key; do
>>>>    dd ibs=1 skip=4 if=/sys/firmware/efi/efivars/${key}-89df11f4-
>>>> 38e6-473e-ab43-b4406b76fba9 of=/etc/ssh/$key
>>>> done
>>>>
>>>> I am not the first person having the idea to use UEFI variables to
>>>> store keys:
>>>> https://www.usenix.org/conference/srecon17asia/program/presentation
>>>> /korgachin
>>>>
>>>> There is one problem: The keys should be readable only by root.
>>>> When
>>>> mounting efivarfs, all variables have the permission 644 which
>>>> makes
>>>> them readable by all users. I have different ideas how to solve it:
>>>>
>>>> 1) Hard-code a list of GUIDs that should be only readable by root
>>>> in
>>>> the kernel module. These modules would also be not set to
>>>> immutable.
>>>>
>>>> 2) Instead of hard-coding GUIDs, add a kernel module parameter to
>>>> specify the GUIDs. Maybe have a default list in the kernel module.
>>>>
>>>> 3) Add a mount option to specify the protected GUIDs.
>>>>
>>>> Feedback is welcome.
>>>>
>>>
>>> I'd consider a patch that makes the permissions a mount option for
>>> efivarfs, applying to all variables. The reason is that these
>>> variables shouldn't have been world readable in the first place, and
>>> I
>>> am reluctant to make this overly complex.
>>
>>
>> Having some variables (like the BootXXXX and BootOrder variables) world
>> readable is useful. This allows normal users to run 'efibootmgr' to
>> display the boot options.
>
> Some variables maybe (ISTR variables for things like the system time-zone or
> the firmware locale settings, which _might_ be useful), but I would say the
> boot variables are not on that list.  The only practical application for a
> regular (non-root) user to read those variables is to gather info for an
> attack on the system.  Anybody who legitimately needs to access them (either
> for debugging the boot process, or changing the boot options) should have
> administrative access to the system anyway, and even then they will usually
> not need to read them.
>
> In fact, most of the UEFI variables fall into the same category, but even
> more so, userspace has no legitimate reason to need to read them. You can
> get an absolutely insane amount of info out of them on some systems, most of
> which is a gold-mine for potential attackers.  For the handful that may
> actually be useful to userspace, most would be needed only during system
> startup, and thus could safely be made readable by root only.
>>
>>
>>> On the other hand, you should realize that UEFI was never designed to
>>> keep secrets, and so whether it is a good idea to put secrets in UEFI
>>> variables to begin with is dubious IMHO.
>>
>>
>> If the UEFI is as secure as storing an unencrypted file on a hard
>> drive, I am satisfied. Or do you have a better idea where to store the
>> SSH keys for a diskless system that boots via network?
>>
> There really isn't any other option unless you're willing to put a small
> amount of flash storage in the system somehow (maybe a small USB flash drive
> connected directly to a USB header inside the system?).  As far as the
> security of UEFI variables, the same limitations as storing the data on an
> unencrypted hard drive apply, with the addition that it's much easier to get
> at them through stuff like Intel's AMT or IPMI than it is to read data off
> of the hard drive.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Read-protected UEFI variables
  2018-02-14 13:21   ` Benjamin Drung
  2018-02-14 18:18     ` Môshe van der Sterre
  2018-02-14 20:33     ` Austin S. Hemmelgarn
@ 2018-02-19 20:24     ` Alan Cox
  2 siblings, 0 replies; 8+ messages in thread
From: Alan Cox @ 2018-02-19 20:24 UTC (permalink / raw)
  To: Benjamin Drung
  Cc: Ard Biesheuvel, Matthew Garrett, Jeremy Kerr, Matt Fleming,
	linux-efi, Linux Kernel Mailing List

> If the UEFI is as secure as storing an unencrypted file on a hard
> drive, I am satisfied. Or do you have a better idea where to store the
> SSH keys for a diskless system that boots via network?

Store them in the TPM ?

If you are booting over a network and not doing some kind of TPM based
trusted boot check you already lost to a network attacker 

Alan

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2018-02-19 20:25 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-02-14 12:52 Read-protected UEFI variables Benjamin Drung
2018-02-14 13:09 ` Ard Biesheuvel
2018-02-14 13:21   ` Benjamin Drung
2018-02-14 18:18     ` Môshe van der Sterre
2018-02-14 19:05       ` Benjamin Drung
2018-02-14 20:33     ` Austin S. Hemmelgarn
2018-02-15 19:04       ` Ard Biesheuvel
2018-02-19 20:24     ` Alan Cox

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).