New Secure Boot Patches Break Hibernation
hypnosec writes "Matthew Garrett published some patches today which break hibernate and kexec support on Linux when Secure Boot is used. The reason for disabling hibernation is that currently the Linux kernel doesn't have the capability of verifying the resume image when returning from hibernation, which compromises the Secure Boot trust model. The reason for disabling the kexec support while running in Secure Boot is that the kernel execution mechanism may be used to load a modified kernel thus bypassing the trust model of Secure Boot."
Before arming your tactical nuclear flame cannon, note that mjg says "These patches break functionality that people rely on without providing any functional equivalent, so I'm not suggesting that they be merged as-is." Support for signed kexec should come eventually, but it looks like hibernation will require some clever hacking to support properly in a Restricted Boot environment.
A patch that is not going to be merged into the kernel proper breaks hibernation with secure boot in Linux...some editor is trying desperately hard to get a flame war started. If you're really that desperate for ideas try something creative, like creating a fake petition to have Minecraft converted from Java to C#. It's not hard to start a flame war.
Fucktard.
Who needs it anyhow, hehehe.
Seriously? A patch to block root users from running kernel images? This is like how it works in Windows: applications not running as root aren't allowed to load unsigned kernel code. What's the point of making root not root?
Is he going to disable the 50 other ways in which root programs could take over the kernel, too?
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
I think this patch, while it probably won't be something we want in the kernel in the long run, at least is bringing attention to more people that we need to work on kexec and hibernation to better support the secure boot trust model. It offers a solution that does keep a system following the secure boot trust model, and once some people are able to keep a system following that model, they will want to keep following the secure boot model but insist on all the old features working again. Hopefully there is enough of this type of push towards getting kexec and Hibernate improved so his patches ultimately become obsolete.
http://interserver.net/
A patch that is not going to be merged into the kernel proper breaks hibernation with secure boot in Linux
Perhaps the fear is that if the patch is not merged, Microsoft will revoke the certificates that have been used to sign mainstream GNU/Linux distributions.
I'm not sure why that's the case - Windows has no problem with hibernating under secure boot last I checked.
My system doesn't hibernate, it passes out from exhaustion.
You could try setting up lm-sensors. Or is your motherboard not supported?
Some of you ignorant little cunts are still giving them money. Fuck you.
Hibernate doesn't work with the latest Ubuntu versions anyway. 1) they turned it off 'cause it might not work, 2) it doesn't work. It works fine with Debian though on the same computer.
I think I might switch to Mint or something.
HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
The problem is that anyone with physical access can fuck with the memory dump in between the hibernation and the restore.
Anyone with physical access can probably reset the BIOS password and turn off secure boot. But barring that, perhaps one solution is to sign the memory dump with a key stored in the TPM.
That was the sound of the joke going over your head.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
It's my goddamn computer, my goddamn hardware, and it's MINE. I will run any fucking operating system I goddamn well please on it, and if Microsoft doesn't like that, they can FUCK THEMSELVES right in the GODDAMN EAR.
Why the fuck is SecureBoot even a priority AT ALL?
This shit is not going to go away if you play ball with Microsoft, which is precisely what Linux is expending valuable resources doing.
SecureBoot is not an important feature. It doesn't make your computer work better, or faster, or in a more stable fashion. Nobody needs or wants it. I cannot for the life of me understand why Linux is so fucking obsessed with supporting it properly, as if it's somehow going to improve Linux market share in the future. If Linux ever threatens Windows in any meaningful way, Microsoft would just make up a bullshit reason to yank the signing certs and kill everything that way instead (and by then, you can be damned well sure that SecureBoot will be MANDATORY on all x86 systems- why? Because everyone went along with it, that's why).
I could have sworn the entire community was up in arms about this crap, and how important it was to educate users about it.
You want to educate users about SecureBoot?
Don't support it. Collectively tell them why they need to go into their UEFI config utility and turn it off. Tell them if they can't do that, then they should return their computer as defective- because it obviously is.
Playing ball with Microsoft is the stupidest, most fucking boneheaded thing I have heard from the Linux community in a very, very long time. If I were Linus, I'd grow a pair of balls and yank ALL traces of SecureBoot support in the kernel, then tell Microsoft and all their UEFI buddies to fuck off. Then maybe the hardware manufacturers would realize just how big of a mess they've gotten themselves into, and reverse course on SecureBoot for x86. But that's never going to happen because everyone is just acting like it's life right now and that's something they need to support. WTF?
What distinguishes a hibernated memory image from, say, an initrd? Practically speaking, a distro has to allow for initrds to boot that aren't signed by the distribution. In fact, what about booting *any* filesystem? Some may suggest that the goal would be to have every binary signed, but what about end-user maintained scripts and config files? SecureBoot as currently defined is only about the OS provider signing what they provide, and that leaves a whole lot of area for malicious content outside that scope. It's of little comfort that you have assurance that you are running the correct sshd if, for example, you have a malicious ssh_config and a malicious authorized_keys.
XML is like violence. If it doesn't solve the problem, use more.
It was the same issue with 'winmodems' back in the 90s. Yeah, it's shit, yeah, it's stupid, but it's what's on sale at Best Buy and what teenagers have when they go to college and learn what "GCC" is.
Secureboot is the problem and disabling it (or getting rid of the device for a freer one) is the solution.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
And what is it needed for? Are there any disadvantages from not having it? Will there be any? What are the advantages?
I want to get a new machine. Will more or less secure boot affect the ability to run OS X?
Feel free to answer; whoever answers doesn't have to answer in detail if they don't want to. And no, I won't try to google for it all atm.
That's long overdue!
Secure boot isn't. There is no point in hacking our way into Secure boot because it isn't secure, period. There is always a way around every security design and hobbling the industry with a proprietary technology isn't going to help anyone but incumbent large players. Secure Boot is nothing more than an attempt by Microsoft and other entrenched players to exclude smaller companies. The only secure idea at Microsoft is Linux!
NOT peanut butter & chocolate.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Too many x86 servers do not boot Windows for them to try to push that kind of lock down.
... because hibernate is pointless and never reliably works anyway. Set everything to autosave and get a distro that boots up quickly.
My little Linux and tech blog
All these security patches are just a waste of disk space. Lots of Bullshit. We should have the option to disable that crap to keep our code running as fast as possible in environments that can't be compromised, or just ones where we don't care if they are, e.g. a gaming box.
Why would a company want a Windows 8 logo?
I don't know about today, but in the past, if you had a Windows logo on the box you got a discount from Microsoft on Windows. This is why all the hardware drivers I worked on had to be Microsoft-approved to ensure we could get big OEM wins.
Why would a company want a Windows 8 logo?
I don't know about today, but in the past, if you had a Windows logo on the box you got a discount from Microsoft on Windows.
Additionally, vendors who don't/won't produce "label-compliant" products are less likely to receive "marketing assistance" payments from Microsoft.
Who knew?
Any kernel that cannot boot is more secure than one that can...so the patch works! I hope it gets accepted as a security fix for kexec.
No hibernation means slow boot, and slow boot will make linux more cumbersome for new users. If ubuntu (a.k.a. linux) becomes cumbersome for new users they will tell their friends how sucky linux is. And then their friends, in spite of unity, will not switch to ubulinux.
I think I don't have to spell out the possible horrific consequence: 2013 might not be the year of the linux computer.
SecureBoot is nothing more than a modern kind of vendor lock-in, so why support it at all? Haven't the FSS and OSS communities by now gained enough leverage on their own to stimulate the development of software in the direction it should go, namely that essential software, like an OS, a BIOS or a piece of firmware, should be free (in the FSS sense) for use by anyone?
By accepting and even supporting suspicious software and business models such as SecureBoot, aren't the FSS and OSS communities more or less digging their own graves because Microsoft - who admittedly has changed a lot for the better the last few years - owns the very keys their software relies on for proper functioning?
And on the Eighth Day, Man created God.
Matthew, this is one thing which astonishes me. I'm a big fan of yours. You're exceptionally intelligent (believe me, there's no whiff of irony on my part here). Still, you are able to focus so narrowly on secure boot *on its technical merits alone*.
Yes, it's one crucial link in the security chain. A security chain whose other links don't even exist yet or are made out of cardboard (and will be in the foreseeable future).
Had Microsoft proposed to make secure boot mandatory for the "classical platform" right away, the stink would have been enormous. So they prefer to boil the frogs slowly. Cf. the non-Intel platforms for a glimpse into future plans.
My take: secure boot, from a strictly technical perspective a good idea (although the implementation is gruesome, as many of the things this industry comes up with). From a "social" perspective it's utter fail, just for nothing (or just for lining Microsoft's pockets).
Still, Matthew, I thank *you* for the work you are doing. Without it, who knows: we might not be able to boot any free OS next year.
"vendors who don't/won't produce "label-compliant" products are less likely to receive "marketing assistance" payments from Microsoft."
Just call it bribes and be done with it. Or maybe even kickbacks, etc.
Secure Boot or Hibernation.
While I don't like the paying model of SecureBoot and its implications for OpenSource (but I'm sure this shall be sorted out), I do really appreciate the idea of having the ring0 containing only trusted code.
One can dream of a future a little safer: a microkernel formally verified to be immune from buffer overflow, null pointer exceptions, etc. like seL4 in the ring0 installed using SecureBoot.
That would be quite a good start: from there you could run Linux on top of it (eg Linux already runs fine on top of the seL4 microkernel).
Honestly, I'm giving up hibernation for more security: not because someone physically exploiting my machine scares me, but because I think that, by now, people should begin to understand that security is more important than the rest.
I need to upload this 8GB "Hibernation File" and then reboot the computer so I can gain access to it through this security hole... It'll just take me a minute or two to do that. So how stupid do they think people are to even advertise this 'major threat' ?
and if you don't want a Windows PC you will buy one without Windows.
Good luck finding a PC without Windows that isn't made by Apple in U.S. retail chains. Good luck figuring out how to try the keyboard and screen of a laptop made by something like System76 before buying. And good luck connecting the laptop to the Internet should major home ISPs adopt Trusted Network Connect as a measure against spam, viruses, and mass copyright infringement.
How in the world has Microsoft, one single software firm, managed to usurp power enough to dictate to hardware manufacturers
It started in 1981, when IBM was looking for an operating system for its 8088-based IBM PC. Microsoft offered to undercut DRI's CP/M by buying the rights to the 86-DOS product from Seattle Computer Products, a company that had sold computer kits built around the Intel 8086 microprocessor, of which the 8088 was a cost-reduced variant. SCP had designed 86-DOS to allow developers of CP/M programs to make quick ports, and at the time, there wasn't much existing software for 8086 computers on which big companies were already relying. So a switch from CP/M to 86-DOS wasn't nearly as painful as a switch from Windows to GNU/Linux would be today.
are we headed towards a second, 'scientific' dark age?
We're already in a cultural dark age due to digital restrictions management on motion pictures and video games.
Personally I think old Ballmer has too damned much on his plate to give a shit about Linux one way or another ATM
Then why has B-17 Ballmer's company continued to pressure manufacturers of Android smartphones, charging them as much for the use of FAT file system patents and other essential patents as it would charge for a license of Windows Phone itself?
namely "Become Apple" which he is learning
Hence the patent suits.
Have you SEEN the new Acer ChromeBook? You have an X86 CPU, hard drive, RAM, etc that are so bog standard it hurts yet is so locked down you can't even run Linux X86 on the damned thing!
To reformat an Acer Chromebook into developer mode, hold F3 and Esc while turning on the power, then press Ctrl+D.
So that you could monitor in how much pain it is in?
Yes, and this lets you trigger the CPU fan to turn on or speed up whenever the CPU is under stress. This way you get nice, quiet operation when the computer is running undemanding applications such as editing the low-definition version of a video, or loud operation when you're out of the room and the computer is running something similarly CPU-demanding with all cores blazing, such as applying the chosen edits and effects to the original high-definition footage.
When I see Schroedinger's joke, a comment that both is and isn't a joke depending on how it's read, I try to make Schroedinger's reply. If the parent comment wasn't a joke, as in the case of my cousin's laptop that has a habit of overheating, my comment is helpful. If it was, my comment is a joke too. KingRobot is perceptive.
If that much security is your concern, shut down properly to save power and eat the time waste of startup, or don't shut down and just leave it running.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Fast forward to a world of locked bootloaders and I could see PC vendors having a "no-OS, bare hardware, unlocked bootloader" checkbox on every single system they sell.
Unless Microsoft changes the terms of the Windows OEM license to make it economically infeasible to offer such an option, such as its crusade a few years ago against the "naked PC".
It would cost vendors little to do this.
Other than likely having to pay full retail for Windows if the same company sells PCs without an operating system.
No big deal. As I noted above, I am quite willing to admit that I missed your joke as well.
It's possible that I bow to your superior quantum level of humor.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
most people use them as a tool and don't want to be tweaking them and configuring them
So what should someone who owns a device do when he wants to use the device as a tool but discovers that a particular application is not available for his device because the device's monopoly gatekeeper rejected the concept? For example, someone who plays video games might want to try his hand at making a mod, but games for a certain platform aren't especially mod-friendly. It's a question of headroom for upward mobility.
If I, as the machine's owner, don't feel I have the need or desire to preserve a chain of trust, nobody should force me to do so.
Then shut off Secure Boot and resume into your unsigned hibernation file.
Hibernation actually is a security hole. I'll ignore the kexec issue for now, but encrypted and checksummed hibernate images would be a good thing, and would be nice on a non-SecureBoot system as well. At a minimum, the hibernation image should carry a checksum of { the image data + the kernel that loaded it + relevant platform data }. That would at least prevent partially booting a suspend image with random corruption. Can SecureBoot also provide a secret key used only to encrypt the suspend image and decrypt it during boot? Or some additional data to feed into the checksum that securely identifies the platform? Or keep the suspend checksum in nonvolatile memory that can only be written to by a trusted operating system?
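The comment above and the earlier suggestion to sign the memory dump with a key kept in the TPM both describe the same mechanism: bind the hibernation image to a secret the untrusted path cannot reach, to the identity of the kernel that wrote it, and to platform data, then verify all of that before resuming. The following is an added illustration, not code from the kernel, from Matthew Garrett's patches, or from any commenter. It is a toy model: the "platform secret" is a random byte string standing in for a TPM-sealed or firmware-provided key, the kernel identity is just a SHA-256 digest, the image format (`HIBIMG01` header) is invented here, and integrity uses HMAC-SHA256 rather than a full authenticated-encryption scheme, since the Python standard library has no AEAD. Resume refuses the image if any byte changed, if a different kernel tries to load it, if the platform data differs, or if the secret is wrong.

```python
"""Toy model of an integrity-protected hibernation image (constructed example).

A real implementation would seal the secret in the TPM and use authenticated
encryption; this model shows only the binding and verify-before-use logic.
"""
import hashlib
import hmac
import os
import struct

MAGIC = b"HIBIMG01"   # constructed format tag, not a real kernel format
TAG_LEN = 32          # HMAC-SHA256 output length
KERNEL_HASH_LEN = 32  # SHA-256 digest of the kernel image


def derive_image_key(platform_secret: bytes, kernel_hash: bytes, platform_data: bytes) -> bytes:
    """Derive a MAC key bound to (secret, kernel, platform).

    A different kernel or platform yields a different key, so an image written
    under one kernel cannot be resumed by another even if both share the secret.
    """
    info = b"hibernation-image-key" + kernel_hash + platform_data
    return hmac.new(platform_secret, info, hashlib.sha256).digest()


def seal_image(image: bytes, platform_secret: bytes, kernel_hash: bytes, platform_data: bytes) -> bytes:
    """Write the image with a header naming the kernel and platform, plus an HMAC tag."""
    if len(kernel_hash) != KERNEL_HASH_LEN:
        raise ValueError("kernel_hash must be a SHA-256 digest")
    header = (MAGIC + kernel_hash
              + struct.pack(">H", len(platform_data)) + platform_data
              + struct.pack(">Q", len(image)))
    key = derive_image_key(platform_secret, kernel_hash, platform_data)
    tag = hmac.new(key, header + image, hashlib.sha256).digest()
    return header + image + tag


def unseal_image(blob: bytes, platform_secret: bytes, expected_kernel_hash: bytes, platform_data: bytes):
    """Return the image bytes if the blob verifies, else None.

    The image contents are never used before the tag has been checked, and
    the header's claims must match what the booting kernel itself knows.
    """
    try:
        if blob[:8] != MAGIC:
            return None
        kernel_hash = blob[8:40]
        (pd_len,) = struct.unpack(">H", blob[40:42])
        pd = blob[42:42 + pd_len]
        off = 42 + pd_len
        (img_len,) = struct.unpack(">Q", blob[off:off + 8])
        off += 8
        image = blob[off:off + img_len]
        tag = blob[off + img_len:off + img_len + TAG_LEN]
        if len(image) != img_len or len(tag) != TAG_LEN or len(blob) != off + img_len + TAG_LEN:
            return None
    except struct.error:
        return None
    # Binding checks: refuse images written by another kernel or for another platform.
    if not hmac.compare_digest(kernel_hash, expected_kernel_hash):
        return None
    if not hmac.compare_digest(pd, platform_data):
        return None
    # Integrity check over header + image with the derived key (constant-time compare).
    key = derive_image_key(platform_secret, expected_kernel_hash, platform_data)
    expected_tag = hmac.new(key, blob[:off + img_len], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None
    return image


def demo() -> dict:
    """Seal a constructed image and show which resume attempts are refused."""
    secret = os.urandom(32)                                 # stand-in for a TPM-sealed key
    kernel_a = hashlib.sha256(b"vmlinuz-signed-A").digest()  # constructed kernel identities
    kernel_b = hashlib.sha256(b"vmlinuz-signed-B").digest()
    platform = b"board=example-x86;fw=1.0"                   # constructed platform data
    image = b"\x00" * 64 + b"page frame contents (constructed)" + b"\x00" * 64
    blob = seal_image(image, secret, kernel_a, platform)
    tampered = bytearray(blob)
    tampered[100] ^= 0x01                                    # flip one bit inside the image body
    return {
        "resume_ok": unseal_image(blob, secret, kernel_a, platform) == image,
        "tampered_refused": unseal_image(bytes(tampered), secret, kernel_a, platform) is None,
        "other_kernel_refused": unseal_image(blob, secret, kernel_b, platform) is None,
        "wrong_secret_refused": unseal_image(blob, os.urandom(32), kernel_a, platform) is None,
        "other_platform_refused": unseal_image(blob, secret, kernel_a, b"board=other") is None,
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'ok' if passed else 'FAIL'}")
```

The point of deriving the key from the kernel hash rather than only storing the hash in the header is that the header check alone could be rewritten by whoever edits the image; with the key bound to the kernel, a forged header still fails the tag check. The remaining gap in this toy, as in the comment's wish list, is confidentiality: without encryption the image contents are readable by anyone holding the disk.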