[conspire] (forw) Re: [Felton LUG] Oh boy, this doesn't look good...

Ruben Safir ruben at mrbrklyn.com
Thu Jul 30 11:54:50 PDT 2020


On Thu, Jul 30, 2020 at 11:39:15AM -0700, Rick Moen wrote:
> Quoting Ruben Safir (ruben at mrbrklyn.com):
> 
> > It is not self evident because when you apply a logical model to the problem,
> > adding cryptokeys fails to alter the logic or the function.
> 
> Is it impossible that code on your system under the control of a hostile
> party might escalate to root authority and do undesirable things to your
> boot chain?  The correct answer to that question is 'no' (i.e., it is
> indeed possible).  I know this because I am, y'know, a senior system
> administrator.
> 
> Having one's boot chain cryptographically verified makes that class of
> attack vector not work.  Ergo, self-evident advantage.  Quod erat
> demonstrandum.
> 


It doesn't matter at this point because they already have root...

They are in full control of the system.  It's a false argument (in the
mathematical sense).  Once you have root, the secure boot is irrelevant.
First, you can alter the secondary boot loader.  But more importantly,
you have control of the OS.

I've read this, and studied this, and it doesn't work.  The only purpose
is for an external entity to exert control on the hardware.

As I said, if anything, it adds MORE attack vectors making the overall
system less secure.

Now, if they hack the UEFI shell, you have root.
If they attack PAM/Login, they have root.
If they attack the secure boot itself... they have root.


Root is root is root.

For an attacker to succeed, it doesn't matter how you get there, as
long as you do get there..

(and that is before discussing hypervisors, VMs, etc.).


> This is not difficult to understand.  I should not have to explain it to
> you.
> 
> > the individual who controls the root account controls the access to the
> > cryptopassword...
> > nothing is gained.
> 
> Your continual repetition of that claim doesn't render it correct.

> 
> Read the explanation again as required, until you understand it.  It's
> really not difficult.
> 
> > The only thing that is gained is that someone OTHER than the human who
> > controls root can control the crypto chain, but that is not security,
> > that is a business and extortion model.
> 
> This statement is obviously not correct, and moreover paranoid.  Once a
> bootloader is signed, nobody other than the local administrator controls
> the boot chain.
> 

Who already has the root password for the OS.  There is no gain.  You do
increase the likelihood of locking yourself out of your own system :(

It makes upgrades a PIA.



> I detest the UEFI Secure Boot implementation, and decline to use it.  But
> your claim that it (and any less-sucky implementation of the basic
> concept) doesn't have a security advantage to the local admin is just
> plain wrong.  Just because MSFT does something, and it's undesirable to
> use for various reasons, and it is a pain in the neck, doesn't render
> it, let alone better implementations of the idea, less than advantageous
> by nature.
> 
> 
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire

-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com 

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive 
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com 

Being so tracked is for FARM ANIMALS and extermination camps, 
but incompatible with living as a free human being. -RI Safir 2013
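The disagreement above is really about what a signature-verified boot chain covers and what it does not. The following is an added example, not code from this thread or from any Secure Boot implementation: it models a firmware that verifies each boot stage against a signature it holds the key for, then runs two constructed scenarios, one where a root-level attacker rewrites the secondary boot loader on disk (caught by verification, because the signing key is not on the system), and one where the same attacker changes a userland file that the boot chain never covers (not caught). HMAC-SHA256 with a constructed firmware key stands in for the asymmetric signatures real UEFI Secure Boot uses; the stage names and file contents are made up for the illustration.

```python
import hashlib
import hmac

# Constructed stand-in for the firmware's verification key.  Real UEFI Secure
# Boot checks public-key signatures against keys stored in the firmware (db/KEK/PK);
# HMAC is used here only so the example runs on the standard library.  The model
# assumes the key is held by the firmware and is NOT readable by the OS, even as root.
FIRMWARE_KEY = b"example-firmware-key-not-a-real-secret"


def sign(blob: bytes) -> bytes:
    """Signature over one boot stage (stand-in for the vendor's signing step)."""
    return hmac.new(FIRMWARE_KEY, blob, hashlib.sha256).digest()


def build_chain(stages):
    """Return [(name, blob, signature)] for each stage in boot order."""
    return [(name, blob, sign(blob)) for name, blob in stages]


def verify_chain(chain):
    """Firmware-style verification: every stage must carry a valid signature.

    Returns (ok, name_of_first_failing_stage_or_None).
    """
    for name, blob, sig in chain:
        if not hmac.compare_digest(sign(blob), sig):
            return False, name
    return True, None


# Constructed boot artifacts standing in for shim / GRUB / kernel, plus a
# userland file that the boot chain does not cover at all.
STAGES = [
    ("shim", b"shim-v1"),
    ("grub", b"grub-v2.04"),
    ("kernel", b"vmlinuz-5.4"),
]
USERLAND = {"/etc/pam.d/login": b"auth required pam_unix.so"}


def scenario_tampered_bootloader():
    """Root rewrites the secondary boot loader but cannot re-sign it."""
    chain = build_chain(STAGES)
    old_name, _old_blob, old_sig = chain[1]
    chain[1] = (old_name, b"grub-v2.04-modified-by-root", old_sig)
    return verify_chain(chain)          # -> (False, "grub")


def scenario_tampered_userland():
    """Root changes a file the boot chain never measures or signs."""
    chain = build_chain(STAGES)
    userland = dict(USERLAND)
    userland["/etc/pam.d/login"] = b"# modified after root compromise"
    ok, _ = verify_chain(chain)         # chain untouched, firmware has nothing to object to
    changed = userland["/etc/pam.d/login"] != USERLAND["/etc/pam.d/login"]
    return ok, changed                  # -> (True, True)


if __name__ == "__main__":
    print("clean chain:        ", verify_chain(build_chain(STAGES)))
    print("tampered bootloader:", scenario_tampered_bootloader())
    print("tampered userland:  ", scenario_tampered_userland())
```

The point the model makes is narrow: verification only protects the artifacts that are actually in the signed chain, and only while the signing key stays out of the attacker's reach. Anything an attacker with root can change outside that chain (PAM configuration, binaries in the root filesystem, the running kernel's memory) is simply out of scope for the firmware check, which is why both positions in the thread can be partly right at once.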
