LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 11-27-2012, 07:59 AM   #16
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,653
Blog Entries: 2

Rep: Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095

Quote:
Originally Posted by Agon View Post
I'm sorry people, but I think my questions still remain:

1) Is there any exploit code that works on Linux which can modify the boot sector without acknowledge of the end user? And how feasible is it?
All boards with Secure Boot use UEFI, so the boot sector is irrelevant. There is the possibility that an exploit (which gets root privileges) modifies the bootloader itself, which would result in a non-booting system with Secure Boot enabled, unless the modified bootloader is signed with a key that is present in the firmware. It is however (or should be) not possible to change keys from a running OS.
With Secure Boot disabled there is nothing to prevent a hacked system from booting.

Quote:
2) Are there any newly manufactured motherboards without Secure Boot (not being able to disable the feature) available on the market today?
This question does not make much sense in this form. Mainboards without Secure Boot (which are available) do not need a feature to disable Secure Boot.
 
Old 11-27-2012, 10:52 AM   #17
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian
Posts: 2,542

Rep: Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879
Quote:
Originally Posted by TobiSGD View Post
Corporate policies enforced in the OS are worth nothing if a part-time admin is able to boot the machine with a Knoppix CD. This approach does not work, not even after resetting the BIOS with the usual tricks, when Secure Boot is enabled without leaving traces.

If Secure Boot must be implemented is more or less meaningless when the same standard that enforces the implementation enforces that there must be a possibility to disable it and a possibility to add custom keys.
What stops the part-time admin from disabling Secure Boot? It seems like the only way Secure Boot can be useful against an attacker with physical access is if it's impossible to disable it.
 
Old 11-27-2012, 10:57 AM   #18
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,129

Rep: Reputation: Disabled
Quote:
Originally Posted by Agon View Post
I'm sorry people, but I think my questions still remain:

1) Is there any exploit code that works on Linux which can modify the boot sector without acknowledge of the end user? And how feasible is it?
Sorry for derailing your thread. The answer to the question is yes, such software has existed in the past, exploiting vulnerabilities that have since been fixed.

The boot sector does not enjoy any special protection under Linux (or Windows, for that matter). If you can write to the boot device, you can modify the boot sector. Assuming the user lacks the necessary privileges to write directly to the device, there are two common attack vectors:

1. Application vulnerability > OS privilege escalation vulnerability > boot sector modification
2. Network-exploitable OS vulnerability [ > OS privilege escalation vulnerability ] > boot sector modification

In the first scenario, the user is tricked into opening a specially-crafted file or visiting a compromised website. An application vulnerability causes code in the file/content to be executed. The code exploits an OS vulnerability to gain root privileges and alters the boot sector.

In the second scenario the user isn't really involved at all, but this will only work if the attacker can access a service on the computer remotely. A vulnerability in the OS or a remotely accessible service is exploited to inject malicious code, which then proceeds to obtain root privileges (if necessary). It then modifies the boot sector.

Quote:
Originally Posted by Agon View Post
2) Are there any newly manufactured motherboards without Secure Boot (not being able to disable the feature) available on the market today?
There are lots of motherboards without Secure Boot. Any non-UEFI board will do, as well as boards supporting UEFI versions older than 2.2.
 
1 members found this post helpful.
Old 11-27-2012, 10:57 AM   #19
jens
Senior Member
 
Registered: May 2004
Location: Belgium
Distribution: Debian, Slackware, Fedora
Posts: 1,239

Rep: Reputation: 178Reputation: 178
Do you need it?
No

Is it useful?
Yes
 
Old 11-30-2012, 04:07 PM   #20
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139Reputation: 139
Frankly a motherboard manufacturer would be foolish to NOT have SecureBoot available in their UEFI products. Without it Windows 8 will not run and they will loose out on what is unarguably their largest market segment.

As I understand it SecureBoot is only enabled by default in systems sold with Windows 8 preinstalled, and even then there is a BIOS option to disable it (though Win 8 will refuse to boot if you do).

The biggest problem is for those who wish to dual boot Win 8 and Linux.
 
Old 11-30-2012, 08:44 PM   #21
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,653
Blog Entries: 2

Rep: Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095Reputation: 4095
Quote:
Originally Posted by NyteOwl View Post
Frankly a motherboard manufacturer would be foolish to NOT have SecureBoot available in their UEFI products. Without it Windows 8 will not run and they will loose out on what is unarguably their largest market segment.

As I understand it SecureBoot is only enabled by default in systems sold with Windows 8 preinstalled, and even then there is a BIOS option to disable it (though Win 8 will refuse to boot if you do).

The biggest problem is for those who wish to dual boot Win 8 and Linux.
I have to correct that. Windows 8 will run fine without Secure Boot and also on non-UEFI machines (you can easily test that with Virtualbox). Microsoft wouldn't leave the market of people that are upgrading the OS on their older machines behind.

In order to get the Windows 8 Logo certification, so that you can put a sticker on the box, the mainboard must use UEFI, support Secure Boot (with an option to disable it on non-ARM systems) and has to be shipped with enabled by default Secure Boot (not true for servers, Secure Boot may be disabled).
That means that a machine that ships with Windows 8 pre-installed can be shipped without having UEFI or Secure Boot, but can also be shipped with Secure Boot enabled without an option to disable it, as long as it does not have the Windows 8 Logo certification.

Sounds counter-intuitive and a little bit ironic, but having a Windows logo is the best way to make sure that you can install Linux.
 
1 members found this post helpful.
Old 12-01-2012, 06:01 PM   #22
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139Reputation: 139
You are of course correct regarding older systems, and self-built. I had based it on what seemed to be a discussion of commercially purchased systems with Windows pre-installed. I daresay with the possible exception of smaller makers such as local shops and such, all the major players are going to be certified/logo bearing products.
 
Old 12-02-2012, 11:57 PM   #23
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,455

Rep: Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172
I don't get the impression that Secure Boot / UEFI was designed by seasoned cryptologists. I'm not persuaded that it will prove to be as technically successful as hoped, and I will hereby wager a beer that it will be gone from Windows-8 as a requirement by, say, June of 2013.
 
Old 12-03-2012, 09:44 AM   #24
jens
Senior Member
 
Registered: May 2004
Location: Belgium
Distribution: Debian, Slackware, Fedora
Posts: 1,239

Rep: Reputation: 178Reputation: 178
Quote:
Originally Posted by NyteOwl View Post

The biggest problem is for those who wish to dual boot Win 8 and Linux.
Having signed (and free of cost) Windows keys can be useful for Linux as well.
It's not just the bootloader but the entire boot chain that needs to work with it.

Handling UEFI Secure Boot in smaller distributions:
http://mjg59.dreamwidth.org/17542.html
https://www.suse.com/blogs/uefi-secure-boot-details/
https://github.com/mjg59/shim/tree/mok

Last edited by jens; 12-03-2012 at 10:17 AM.
 
Old 12-03-2012, 04:10 PM   #25
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139Reputation: 139
Really - depending on Microsoft for the ability to use Linux is, at least for me, NOT an option.
 
Old 12-12-2012, 06:56 PM   #26
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,455

Rep: Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172
Quote:
Originally Posted by NyteOwl View Post
Really - depending on Microsoft for the ability to use Linux is, at least for me, NOT an option.
Yeah, the problem with all such crypto-based systems is ... who do you trust as "the ultimate authority?" Alas, there really isn't an acceptable solution, not even in the world of SSL, where a few companies (e.g. Thawte) found themselves "in the right place at the right time" business-wise, but tasked with a role that realistically can't be met. (It is centralized in a way that probably has no real-world meaning.) Microsoft might dream of being the big-man on campus in this new space that they'd like to carve out for themselves, but I don't think that "Secure Boot" is going to survive for long as a technologically viable strategy. There are simply too many points of vulnerability, although it might be better than nothing-at-all... (which is the situation right now).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Now You Can Boot Any Linux Distro On UEFI Secure Boot PCs LXer Syndicated Linux News 2 12-16-2012 07:47 AM
[SOLVED] Does anyone understand Secure Boot? AlleyTrotter Slackware 32 10-16-2012 06:28 PM
First Secure Boot PC in Germany available TobiSGD General 2 07-22-2012 05:58 PM
LXer: 'Secure' boot: much to be scared about LXer Syndicated Linux News 0 07-13-2012 08:00 AM
Secure Boot prodonice Linux - Security 5 10-29-2008 02:36 PM


All times are GMT -5. The time now is 12:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration