linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Morten Linderud <morten@linderud.pw>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Eric Snowberg <eric.snowberg@oracle.com>,
	keyrings@vger.kernel.org, linux-integrity@vger.kernel.org,
	zohar@linux.ibm.com, dhowells@redhat.com, dwmw2@infradead.org,
	herbert@gondor.apana.org.au, davem@davemloft.net,
	jarkko@kernel.org, jmorris@namei.org, serge@hallyn.com,
	keescook@chromium.org, torvalds@linux-foundation.org,
	weiyongjun1@huawei.com, nayna@linux.ibm.com, ebiggers@google.com,
	nramas@linux.microsoft.com, lszubowi@redhat.com, jason@zx2c4.com,
	linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-efi@vger.kernel.org, linux-security-module@vger.kernel.org,
	James.Bottomley@hansenpartnership.com, pjones@redhat.com,
	konrad.wilk@oracle.com
Subject: Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found
Date: Thu, 10 Nov 2022 15:27:19 +0100	[thread overview]
Message-ID: <20221110142719.k2dhn2ytucsn3wfr@framework> (raw)
In-Reply-To: <CAMj1kXHcf_QptjHfFJxkUQrv=Lfg5=pkt2UTOZ5F-pffki-=-Q@mail.gmail.com>

On Thu, Nov 10, 2022 at 08:42:08AM +0100, Ard Biesheuvel wrote:
> On Thu, 10 Nov 2022 at 01:01, Morten Linderud <morten@linderud.pw> wrote:
> >
> > On Tue, Nov 23, 2021 at 11:41:23PM -0500, Eric Snowberg wrote:
> > > A new Machine Owner Key (MOK) variable called MokListTrustedRT has been
> > > introduced in shim. When this UEFI variable is set, it indicates the
> > > end-user has made the decision themselves that they wish to trust MOK keys
> > > within the Linux trust boundary.  It is not an error if this variable
> > > does not exist. If it does not exist, the MOK keys should not be trusted
> > > within the kernel.
> >
> > Hi Eric,
> >
> > I've been milling around on this patch-set for a while and I have a few issues
> > with the description of the commit and what the code actually does.
> >
> > efi_mokvar_entry_find doesn't simply read an UEFI variable as the commit message
> > suggests, it will look for the MOK variable loaded into the EFI configuration
> > table. This implies we need this table setup in early boot to take usage of this
> > patch set.
> >
> > The only bootloader that does setup this table, is the `shim` as described. But
> > no other bootloader implements support for the MOK EFI configuration table.
> >
> 
> Does any other bootloader implement support for the (volatile)
> MokListTrustedRT variable?
> 

No. The efforts seems to be mostly focused on supporting a setup where shim
boots grub. Anything besides this has never really been important for the people
writing it.

The main reason for the email is to try and figure out what the EFI
configuration table adds to the threat model.

> Note that this variable is intentionally volatile, and should be
> rejected by the kernel if it is not. The point of these RT variables
> or the config tables is that they can only be set at boot if a signed
> and therefore trusted agent created them.

So the only trusted agent currently is the shim? It claims to be a "trivial EFI
application" but the interplay between mokutils and shim isn't documented and
not trivial to understand.

> Permitting non-volatile variables here defeats the purpose of secure
> boot, which aims to prevent exploits from gaining persistence. It
> would be bad if you could corrupt the trusted boot chain forever by
> setting a variable once.

Would this change if the variable could be read from the EFI configuration table
or as an EFI variable? Instead of the current situation where we only support
the configuration table?

> > This effectively means that there is still no way for Machine Owners to load
> > keys into the keyring, for things like module signing, without the shim present
> > in the bootchain. I find this a bit weird.
> >
> > Is this an intentional design decision, or could other ways be supported as
> > well?
> >
> 
> Yes.

I assume it's a yes to "intentional design decision", and my followup question
to this would be to ask where it's documented?

> If we are looking for a way to use EFI variables to inject additional
> certificates into the keyring without the ability to authenticate
> them, we should I'd strongly recommend that we disable that by default
> and add a big fat warning that it is incompatible with the guarantees
> secure boot aims to provide.

The present features are all disabled by default I believe?

Most of this seems to be knowledge residing between a few people that was
present at the implementation, and as a user-space tool author comming into this
10 years later, it's really hard to figure out how a lot of these decisions came
to be.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16

  reply	other threads:[~2022-11-10 14:28 UTC|newest]

Thread overview: 49+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-24  4:41 [PATCH v8 00/17] Enroll kernel keys thru MOK Eric Snowberg
2021-11-24  4:41 ` [PATCH v8 01/17] KEYS: Create static version of public_key_verify_signature Eric Snowberg
2021-11-24  4:41 ` [PATCH v8 02/17] integrity: Fix warning about missing prototypes Eric Snowberg
2021-11-24  4:41 ` [PATCH v8 03/17] integrity: Introduce a Linux keyring called machine Eric Snowberg
2021-11-25  2:49   ` Mimi Zohar
2021-11-29 22:50     ` Eric Snowberg
2021-11-27  0:39   ` Jarkko Sakkinen
2021-11-24  4:41 ` [PATCH v8 04/17] integrity: Do not allow machine keyring updates following init Eric Snowberg
2021-11-27  0:42   ` Jarkko Sakkinen
2021-11-24  4:41 ` [PATCH v8 05/17] X.509: Parse Basic Constraints for CA Eric Snowberg
2021-11-27  0:43   ` Jarkko Sakkinen
2021-11-24  4:41 ` [PATCH v8 06/17] KEYS: CA link restriction Eric Snowberg
2021-11-27  0:44   ` Jarkko Sakkinen
2021-11-24  4:41 ` [PATCH v8 07/17] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca Eric Snowberg
2022-02-14 12:42   ` Darren Kenny
2021-11-24  4:41 ` [PATCH v8 08/17] integrity: add new keyring handler for mok keys Eric Snowberg
2021-11-27  0:46   ` Jarkko Sakkinen
2021-11-24  4:41 ` [PATCH v8 09/17] KEYS: Rename get_builtin_and_secondary_restriction Eric Snowberg
2021-11-27  0:49   ` Jarkko Sakkinen
2021-11-30 17:21     ` Eric Snowberg
2021-12-01 10:27       ` Jarkko Sakkinen
2021-12-01 13:46         ` Mimi Zohar
2021-12-04 17:39           ` Jarkko Sakkinen
2021-12-15 18:14           ` Eric Snowberg
2021-12-15 19:54             ` Mimi Zohar
2021-11-24  4:41 ` [PATCH v8 10/17] KEYS: add a reference to machine keyring Eric Snowberg
2022-02-14 12:18   ` Darren Kenny
2021-11-24  4:41 ` [PATCH v8 11/17] KEYS: Introduce link restriction for machine keys Eric Snowberg
2022-02-14 12:23   ` Darren Kenny
2021-11-24  4:41 ` [PATCH v8 12/17] KEYS: integrity: change link restriction to trust the machine keyring Eric Snowberg
2021-11-24  4:41 ` [PATCH v8 13/17] integrity: store reference to " Eric Snowberg
2022-02-14 12:27   ` Darren Kenny
2021-11-24  4:41 ` [PATCH v8 14/17] KEYS: link machine trusted keys to secondary_trusted_keys Eric Snowberg
2022-02-14 12:28   ` Darren Kenny
2021-11-24  4:41 ` [PATCH v8 15/17] efi/mokvar: move up init order Eric Snowberg
2022-02-14 12:29   ` Darren Kenny
2021-11-24  4:41 ` [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found Eric Snowberg
2022-02-14 12:31   ` Darren Kenny
2022-11-10  0:01   ` Morten Linderud
2022-11-10  0:54     ` Eric Snowberg
2022-11-10 15:06       ` Morten Linderud
2022-11-10 15:27         ` James Bottomley
2022-11-10 15:30           ` Ard Biesheuvel
2022-11-10  7:42     ` Ard Biesheuvel
2022-11-10 14:27       ` Morten Linderud [this message]
2022-11-10 14:15     ` James Bottomley
2021-11-24  4:41 ` [PATCH v8 17/17] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true Eric Snowberg
2022-02-14 12:37   ` Darren Kenny
2022-02-20 23:23 ` [PATCH v8 00/17] Enroll kernel keys thru MOK Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221110142719.k2dhn2ytucsn3wfr@framework \
    --to=morten@linderud.pw \
    --cc=James.Bottomley@hansenpartnership.com \
    --cc=ardb@kernel.org \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=dwmw2@infradead.org \
    --cc=ebiggers@google.com \
    --cc=eric.snowberg@oracle.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jarkko@kernel.org \
    --cc=jason@zx2c4.com \
    --cc=jmorris@namei.org \
    --cc=keescook@chromium.org \
    --cc=keyrings@vger.kernel.org \
    --cc=konrad.wilk@oracle.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=lszubowi@redhat.com \
    --cc=nayna@linux.ibm.com \
    --cc=nramas@linux.microsoft.com \
    --cc=pjones@redhat.com \
    --cc=serge@hallyn.com \
    --cc=torvalds@linux-foundation.org \
    --cc=weiyongjun1@huawei.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).