<a href="http://fedoraproject.org/wiki/Features/Trusted_Boot" title="http://fedoraproject.org/wiki/Features/Trusted_Boot">http://fedoraproject.org/wiki/Features/Trusted_Boot</a> is a proposed
feature for F16. We've traditionally had a hard objection to the
functionality because it required either the distribution or downloading
of binary code that ran on the host CPU, but it seems that there'll
shortly be systems that incorporate the appropriate sinit blob in their
BIOS, which is a boundary we've traditionally been fine with.
However, this is the kind of feature that has a pretty significant
impact on the distribution as a whole. Fesco decided that we should
probably have a broader discussion about the topic. The most obvious
issues are finding a sensible way to incorporate this into Anaconda, but
it's also then necessary to make sure that bootloader configuration is
updated appropriately.
Outside that, is there any other impact? Does tboot perform any
verification of the kernels, and if so how is that configured? Is the
expectation that an install configured with TXT will only boot trusted
kernels, and if so what mechanism is used to verify the kernel? Is there
any further integration work that has to be performed for this to be
useful?
Comments
Re: Trusted Boot in Fedora
By nodata at 06/24/2011 - 16:21Two questions:
1. Can you please add some information to the feature page? I can't tell
what TrustedBoot is and how it works.
2. This seems like Trusted Computing, which got shot down in flames.
Does TrustedBoot go against the core values of Fedora?
nd
On 22/06/11 21:02, Matthew Garrett wrote:
Re: Trusted Boot in Fedora
By Simo Sorce at 06/24/2011 - 17:09On Fri, 2011-06-24 at 22:21 +0200, nodata wrote:
Who shot it and why ?
Only if it is not under user control, otherwise it is a very useful
feature.
Simo.
Re: Trusted Boot in Fedora
By Camilo Mesias at 06/25/2011 - 04:13Hi,
On Fri, Jun 24, 2011 at 5:09 PM, Simo Sorce < ... at redhat dot com> wrote:
I don't know about Trusted Computing but this does remind me of the
Pentium III processor serial number that wasn't well received - even
though in theory it had what many people would consider a reasonable
purpose. In other words, tracking down CPUs that were sometimes stolen
by the truckload.
In a sense, part of it isn't under user control. There is a secret in
there, held against the user, and possibly known by the manufacturer
or other third parties. There is also a black box of code that could
do anything. I'm not really that paranoid but it is worth considering
the worst case, just as a theoretical possibility. What if the device
became standard by virtue of being bundled with every consumer
device... what if it became crucial to system operation somehow...
what if that device could then be disabled remotely, either rendered
useless by the secret being disclosed, or some unknown functionality
could be triggered in that signed but opaque blob of code.
Already there are systems that have whitelisted hardware (eg. wireless
cards in netbooks) and the BIOS polices the presence of the right
device. If you make unauthorised modifications to the BIOS, you can
install any compatible wireless card (or WWAN device). BUT if the BIOS
was signed and loaded by a trusted method, this option would not be
available.
Apart from that there is the aspect of identification - this is as
good a way of identifying a system as the processor serial number was.
I think it is worth including in open source systems, but only so the
devices and methods can be better understood, and probably turned off
/ disabled at the earliest opportunity if there isn't a compelling
benefit to having them.
-Cam
Re: Trusted Boot in Fedora
By Przemek Klosowski at 06/28/2011 - 17:25On 06/25/2011 04:13 AM, Camilo Mesias wrote:
the processor serial number (PSN) wasn't shut down---every post-PIII CPU
has it. The access is often disabled by the BIOS, but it's there:
<a href="http://pcworld.about.net/magazine/1903p198id38601.htm" title="http://pcworld.about.net/magazine/1903p198id38601.htm">http://pcworld.about.net/magazine/1903p198id38601.htm</a>
I think that TPC requires that PSN are enabled, but I can't think of why.
Re: Trusted Boot in Fedora
By R P Herrold at 06/28/2011 - 18:09probably to provide a unique serial number to use as part of
the TPM attestation private key generation, to ensure
uniqueness and to prevent a replay type attack
-- Russ herrold
Re: Trusted Boot in Fedora
By Nathanael D. Noblet at 06/28/2011 - 17:50On 06/28/2011 03:25 PM, Przemek Klosowski wrote:
My guess is that it checks for that changing as part of its 'hash' if it
changes we know something moved... maybe we're no longer on original
hardware etc...
Re: Trusted Boot in Fedora
By Chris Adams at 06/25/2011 - 12:52Once upon a time, Camilo Mesias < ... at mesias dot co.uk> said:
You already have that; it is called System Management Mode.
Fedora supporting or not supporting it will have zero impact on that
outcome happening or not happening.
All of that is pre-kernel, so either can or cannot happen no matter what
Fedora does. None of that has any bearing on the technical discussion
about whether Fedora should or should not include this functionality in
the installer.
I think there is some misunderstanding about what the discussion is
supposed to be about. The supporting open source code is already in
Fedora. The feature request is simply to modify grubby/anaconda to set
up the boot entries to include the support by default (or when the
hardware is found).
Re: Trusted Boot in Fedora
By JB at 06/25/2011 - 21:21Chris Adams <cmadams <at> hiwaay.net> writes:
Hi,
I think Fedora should be careful here - it is a minefield.
It is treacherous, as already expressed by other and competent people. Respect
them, there was a reason they said that.
I personally think that free and open-source product should stay away from
TPM entirely.
One one hand - it is about trusted boot:
This can already be achieved partially now, with open-source tools (GPG, etc),
and can be enhanced with e.g. a combination of hardware/software solution that
would be *non-hardwired*, *portable*, *open-source* and *"free"*, and up to
machine owner and user to utilize.
Signed where appropriate with *your* GPG key.
Think of what the trend and the state-of-art-and-mind are in regard to this;
Iwao's post is very helpful here.
<a href="http://lists.fedoraproject.org/pipermail/devel/2011-June/153456.html" title="http://lists.fedoraproject.org/pipermail/devel/2011-June/153456.html">http://lists.fedoraproject.org/pipermail/devel/2011-June/153456.html</a>
This could be achieved now or soon without deep fundamental considerations,
by the open-source community itself.
On the other hand - it is about OS isolation (OS rings):
Ring (computer security)
<a href="http://en.wikipedia.org/wiki/Ring_%28computer_security%29" title="http://en.wikipedia.org/wiki/Ring_%28computer_security%29">http://en.wikipedia.org/wiki/Ring_%28computer_security%29</a>
This is a separate issue, in my mind.
In this sense, TPM is about "ring -1", and in the future "ring -2", etc :-)
This is about virtualization, and more.
It goes much deeper into OS design and architecture, hardware and software.
It should be addressed fundamentally by competent people, companies and
organizations.
Leave it to them, but watch and participate.
Finally.
Btw, TPM, or TXT exactly, can be hacked too (that has been done already).
JB
Re: Trusted Boot in Fedora
By JB at 06/28/2011 - 16:21JB <jb.1234abcd <at> gmail.com> writes:
... and she is cute too :-)
<a href="http://theinvisiblethings.blogspot.com/search/label/trusted%20execution%20technology" title="http://theinvisiblethings.blogspot.com/search/label/trusted%20execution%20technology">http://theinvisiblethings.blogspot.com/search/label/trusted%20execution%...</a>
and some more ...
<a href="http://siblog.mcafee.com/data-protection/tpm-undressed" title="http://siblog.mcafee.com/data-protection/tpm-undressed">http://siblog.mcafee.com/data-protection/tpm-undressed</a>
<a href="http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10625082&pnum=0" title="http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10625082&pnum=0">http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10...</a>
... and those we do not know about ^.^
JB
Re: Trusted Boot in Fedora
By Matthew Garrett at 06/28/2011 - 16:34On Tue, Jun 28, 2011 at 08:21:23PM +0000, JB wrote:
Which is irrelevant to the discussion and also inappropriate for this
list.
Re: Trusted Boot in Fedora
By Michael Cronenworth at 06/28/2011 - 16:27JB wrote:
Seeing that Trusted Boot is not going to be a F16 feature I don't think
we have to worry about any security implications for the time being.
That is... until next time.
Re: Trusted Boot in Fedora
By nodata at 06/25/2011 - 17:32On 25/06/11 18:52, Chris Adams wrote:
Please could you update the Feature page to say what exactly Trusted
Boot is?
Re: Trusted Boot in Fedora
By Bernd Stramm at 06/24/2011 - 17:15On Fri, 24 Jun 2011 17:09:22 -0400
Nevertheless, the feature page contains no documentation about what it
actually is. Neither does the sourceforge.net page of the project.
It seems like a reasonable request that this documentation be added.
Re: Trusted Boot in Fedora
By Simo Sorce at 06/24/2011 - 17:52On Fri, 2011-06-24 at 17:15 -0400, Bernd Stramm wrote:
I agree on this point.
Simo.
Re: Trusted Boot in Fedora
By JB at 06/23/2011 - 10:21Matthew Garrett <mjg59 <at> srcf.ucam.org> writes:
Hi,
there will be some posts on Fedora users and testers lists, so please take
a look.
<a href="http://lists.fedoraproject.org/pipermail/users/2011-June/400539.html" title="http://lists.fedoraproject.org/pipermail/users/2011-June/400539.html">http://lists.fedoraproject.org/pipermail/users/2011-June/400539.html</a>
<a href="http://lists.fedoraproject.org/pipermail/test/2011-June/100976.html" title="http://lists.fedoraproject.org/pipermail/test/2011-June/100976.html">http://lists.fedoraproject.org/pipermail/test/2011-June/100976.html</a>
In the meantime, I got access to this mailing list, so all is well :-)
I have done some inventory on this topic, and have some questions.
The Intel Trusted Platform consists of two components:
- Trusted Platform Module (TPM) chip
A hardware component, consisting of cryptographic processor and secure
memory.
- Trusted Boot
A software component, open-source and partially close-source (?) components,
in Fedora packages.
# yum install tboot
Installing:
tboot i686 20110429-1.fc15 fedora 355 k
Installing for dependencies:
trousers i686 0.3.6-1.fc15 fedora 279 k
Trusted Boot is a mechanism by which a pre-kernel/VMM module (that uses Intel
Trusted Execution Technology (Intel TXT)) performs a measured (pre-identified)
and verified launch of an OS kernel/VMM.
First, the obvious questions.
Why do you need Trusted Boot mechanism to ensure that identified and origin-
verified Linux kernel is booted ?
Why signing a kernel (a la GPG) is not good enough to verify its origin at
boot time ?
Now, regarding the Trusted Boot solution.
The obvious question:
why does an open-source distro like Fedora (but also Red Hat) want to
philosophically accept and technically support this solution ?
Will the TPM allow a third party remote access to the machine ?
Will the TPM be BIOS-configurable (enable/disable) by the user (hardware
owner) ?
If so, how will that impact the kernel selection in boot process (tboot
enable/disable) ?
How is that tboot blob module secured from tampering ?
By the virtue of beeing associated with the "root of trust" ?
If the Launch Control Policy can be created and modified by the user, then
what prevents an attacker from impersonating the usersysadmin, modifying
the policy, and causing a denial-of-boot or unintended-boot attack ?
There is more that this project implements (root of trust, etc).
Ref: tcsd(8)
Can that "root of trust" be compromised by TSS applications or any other
means (e.g. through tools provided by this project) ?
...
Ref: tcsd(8)
DEVICE DRIVERS
tcsd is compatible with the IBM Research TPM device driver available
from <a href="http://www.research.ibm.com/gsal/tcpa" title="http://www.research.ibm.com/gsal/tcpa">http://www.research.ibm.com/gsal/tcpa</a> and the TPM device driver
available from <a href="http://sf.net/projects/tmpdd" title="http://sf.net/projects/tmpdd">http://sf.net/projects/tmpdd</a>
Are these drivers open-source ? Is TPM device driver open-source ?
JB
Re: Trusted Boot in Fedora
By Przemek Klosowski at 06/28/2011 - 17:03Why does the TB require closed-source components? I understand that the
code has to be inalterable, but since it is a small and well-defined
piece of infrastructure it could be crypto-signed once and for all.
Having source code access doesn't give anyone more privileges than a
binary blob.
Re: Trusted Boot in Fedora
By Miloslav =?UTF-... at 06/23/2011 - 12:15On Thu, Jun 23, 2011 at 4:21 PM, JB <jb. ... at gmail dot com> wrote:
Note that none the keys in TPM are not pre-loaded by any distrusted
software company - each TPM generates its own keys.
Also note that the TPM does not, itself, stop any software from
running, or disconnect anything from a network, and so on - this needs
to be done outside of the TPM, using mechanisms that (mostly) already
exist anyway (e.g. a network switch that only connects devices that
authenticate with a password).
(From a practical standpoint, AFAICS it would be _much_ easier to set
up the network access restriction by an IT department than to set up
DRM by a world-wide software vendor - I can't see how would one even
start to build the list of allowed configurations of all
general-purpose computers, which would be necessary for the DRM.)
1) If the LCP did not require a signed kernel, and the attacker has
modified it to require a signed kernel, this is not really different
from an attacker deleting /boot. If an attacker has root access,
denial of service is the smallest of your problems.
2) If the LCP required a signed kernel, and the attacker has somehow
managed to configure the system to boot a different kernel (without
getting complete root access), then "denial of boot" would be
considered a success - the policy has worked exactly as the sysadmin
configured it.
The big question here is kernel upgrades - there has to be a mechanism
to replace the old "allowed" kernel by a newer version, and I don't
know how that is supposed to work. And assuming an attacker with root
access, it might be possible for the attacker to use this upgrade
mechanism to let the system boot a modified kernel without violating
the LCP.
Re: Trusted Boot in Fedora
By Denys Vlasenko at 07/18/2011 - 11:29On Thu, 2011-06-23 at 18:15 +0200, Miloslav Trmač wrote:
How is this possible? The kernel was somehow installed. TPM was informed
about it (I don't know, sha hash was written into a flash
which is physically in the processor?).
Why attacker with physical access to the computer
can't install his tampered kernel and save its hash?
Re: Trusted Boot in Fedora
By Miloslav =?UTF-... at 07/18/2011 - 12:452011/7/18 Denys Vlasenko < ... at redhat dot com>:
Re: Trusted Boot in Fedora
By JB at 06/23/2011 - 13:30Miloslav Trmač <mitr <at> volny.cz> writes:
You are wrong here.
<a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module" title="http://en.wikipedia.org/wiki/Trusted_Platform_Module">http://en.wikipedia.org/wiki/Trusted_Platform_Module</a>
"...
Overview
... It also includes capabilities such as remote attestation ..."
Also:
<a href="http://lists.fedoraproject.org/pipermail/users/2011-June/400545.html" title="http://lists.fedoraproject.org/pipermail/users/2011-June/400545.html">http://lists.fedoraproject.org/pipermail/users/2011-June/400545.html</a>
There is more to that.
With regard to "root of trust" origin, meaning, applications:
1. OS privilege isolation
<a href="http://communities.intel.com/community/openportit/vproexpert/blog/2011/01/25/trusted-execution-technology-aka-txt-what-is-it?wapkw=%28trusted+boot%29" title="http://communities.intel.com/community/openportit/vproexpert/blog/2011/01/25/trusted-execution-technology-aka-txt-what-is-it?wapkw=%28trusted+boot%29">http://communities.intel.com/community/openportit/vproexpert/blog/2011/0...</a>
"...
Who remembers the ring hierarchy introduced on the 286 that allowed
creating an operating system with privilege isolation?
...
Trusted Execution Technology (TXT) comes as a reinforcement to deal with
threats that act on the same level of the kernel operating system or even
more privileged levels -- like hypervisor’s malware, where the malicious
code can take advantage of the CPU virtualization instructions to emulate
hardware instructions and completely control the operating system.
..."
2. platform integrity (hardware plus software)
<a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module" title="http://en.wikipedia.org/wiki/Trusted_Platform_Module">http://en.wikipedia.org/wiki/Trusted_Platform_Module</a>
"...
Platform Integrity
... In this context "integrity" means "behave as intended" and
a "platform" is generically any computer platform - not limited to PCs or
just Windows ...
...
Together with the BIOS, the TPM forms a Root of Trust: ...
..."
3. DRM; Software Licensing.
<a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module" title="http://en.wikipedia.org/wiki/Trusted_Platform_Module">http://en.wikipedia.org/wiki/Trusted_Platform_Module</a>
"...
Other uses and concerns
Almost any encryption-enabled application can in theory make use of a TPM,
including:
Digital rights management
Software license protection & enforcement
..."
JB
Re: Trusted Boot in Fedora
By Andrew Haley at 06/24/2011 - 06:49What I don't understand is why this feature requires a binary blob.
Surely whatever northbridge code is required can be free software,
Is this just security through obscurity?
Andrew.
Re: Trusted Boot in Fedora
By Miloslav =?UTF-... at 06/24/2011 - 15:49On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley < ... at redhat dot com> wrote:
The purpose of the blob is to "measure" the system state; only the
blob (and hardware reset) is allowed to restart the "measuring"
process in the TPM. For this to work securely, the blob must be
signed by someone that the TPM itself trusts - otherwise an attacker
could replace the blob by something that lies about the system state.
So, from a standpoint of hacking, it doesn't matter - users won't have
the practical freedom to modify the blob anyway because they can't
sign it.
Re: Trusted Boot in Fedora
By Andrew Haley at 06/27/2011 - 06:11On 24/06/11 20:49, Miloslav Trmač wrote:
What we're saying, then, is that the TPM doesn't trust the owner of
the computer, but its manufacturer. It's impossible for a user to
decide who they trust.
Surely, from a Fedora standpoint, this is a complete non-starter.
Andrew.
Re: Trusted Boot in Fedora
By Miloslav =?UTF-... at 06/27/2011 - 09:12On Mon, Jun 27, 2011 at 12:11 PM, Andrew Haley < ... at redhat dot com> wrote:
First, the TPM (nor the CPU) really can't tell the difference between
the owner of the computer and an author of a virus. It's all just
software.
Second, every owner of a computer has to completely trust the
manufacturer of the computer anyway - there are way too many ways the
manufacturer can break the security of the system, e.g. backdoors in
the CPU or motherboard, or hidden configurations of
<a href="https://secure.wikimedia.org/wikipedia/en/wiki/Intel_AMT" title="https://secure.wikimedia.org/wikipedia/en/wiki/Intel_AMT">https://secure.wikimedia.org/wikipedia/en/wiki/Intel_AMT</a> .
Placing trust in the manufacturer of the hardware puts the user in no
worse position than they were before. And the user, of course, still
has full control over whether to use the TPM or not, and what to use
it for.
Mirek
Re: Trusted Boot in Fedora
By =?iso-8859-1?q?... at 06/29/2011 - 07:48Miloslav Trmač wrote:
A jumper on the motherboard, or some other kind of physical circuit breaker,
can do that. It would have been possible to design the TPM to accept a new
master key only when a certain circuit is closed.
Björn Persson
Re: Trusted Boot in Fedora
By =?ISO-2022-JP?B... at 07/03/2011 - 10:44On Wed, 2011-06-29 at 13:48 +0200, Björn Persson wrote:
It would have been possible, but remember the purpose and history of
Trusted Computing (of which this is a fundamental part) before it hit
the commercial scene. Originally this was conceived as a way for
government workers of various types to be able to use secure computing
systems even *after* an unattended period. The whole concept is based on
finding a way to circumvent the first law of information security: "If
the attacker has physical access you don't have security." If a
circumvention jumper were designed into the system this would defeat the
purpose.
Today we are having this discussion in the commercial and private space
only because it is a technology the government already understands and
would therefore feel confident in designing anti-circumvention
legislation around to suit the needs of the pro-DRM folks. It has the
added benefit that a red herring "security for everyone" argument can be
made to support the concept of including DRM enablers into all digital
devices in the commercial space. Of course, the TPM piece being an
Intel-only standard and the software behind it being a black-box set of
processes undercuts the non-DRM commercial hype at the root. This being
naturally of benefit to Intel far more than it is of benefit to anyone
interested in actually knowing what their system is up to (one phrase
for that is "information security") is easy to overlook.
The idea that government interest is still driving this is a bit shallow
-- there are already functionally identical systems which have been
fielded (and the customer in this case, who really is concerned with
complete security, does not have the handicap of being made to trust any
black-box processes at any level, anywhere) and I've already attempted
to place this discussion in perspective elsewhere. In short, this is a
step toward DRM of a sort nobody can quite fathom yet. Ultimately it
will prove to be scary to the point that I seriously feel it will be
dropped in the commercial space and media providers (and Microsoft) will
simply have to evolve or get eaten by whoever else does first.
-Iwao
Re: Trusted Boot in Fedora
By Nicolas Mailhot at 06/28/2011 - 03:59Le Lun 27 juin 2011 15:12, Miloslav Trmač a écrit :
I don't call placing absolute vetting power in bios writer hands "no worse
position". I don't thing anyone can point to a "good" bios on real world
hardware.
Re: Trusted Boot in Fedora
By Adam Jackson at 06/28/2011 - 10:01On Tue, 2011-06-28 at 09:59 +0200, Nicolas Mailhot wrote:
I appreciate the disdain - no, really, trust me, I do - but you should
realize that SMM means you already may have no control over the machine.
- ajax
Re: Trusted Boot in Fedora
By Adam Williamson at 06/29/2011 - 02:07On Tue, 2011-06-28 at 10:01 -0400, Adam Jackson wrote:
Well, the fact that BIOSes aren't open source means that anyway. As far
as we the users are concerned, the BIOS is black box code which runs
with the ultimate in administrative privileges. It could be doing
_anything_ back there. SMM is a fairly standardized example of this,
sure, but there's no way we can really be sure our BIOS isn't doing a
zillion other 'bad things'. The point where you tip over into excessive
paranoia is a bit hard to discern when you start going down this road,
though...
Re: Trusted Boot in Fedora
By Peter Jones at 06/30/2011 - 09:44On 06/29/2011 02:07 AM, Adam Williamson wrote:
That's not as true as it used to be:
<a href="https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/" title="https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/">https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/</a>
Most system vendors that ship this still have a bizarre belief that some
drivers should remain proprietary, but other than that many are shipping
fairly pristine checkouts.
Re: Trusted Boot in Fedora
By =?iso-8859-1?q?... at 06/29/2011 - 07:36Adam Williamson wrote:
That's not impossible to change though. I have never dared to try Coreboot
myself, for fear of destroying my motherboard, but in principle it's possible
to replace the BIOS in most current computers with a free implementation. It's
looking like the TPM makes it impossible to replace Sinit with a free clone.
Björn Persson
Re: Trusted Boot in Fedora
By Adam Williamson at 06/29/2011 - 13:12On Wed, 2011-06-29 at 13:36 +0200, Björn Persson wrote:
"Most current computers"? The support list -
<a href="http://www.coreboot.org/Supported_Motherboards" title="http://www.coreboot.org/Supported_Motherboards">http://www.coreboot.org/Supported_Motherboards</a> - is tiny, and doesn't
include any even vaguely recent Intel chipset that I can see. And it
includes a grand total of four laptops, two of which I've never heard
of.
Re: Trusted Boot in Fedora
By =?iso-8859-1?q?... at 06/29/2011 - 19:50Adam Williamson wrote:
Most current computers have their BIOS stored in a flash memory and allow you
to overwrite it with a newer version. Instead of a newer version of the unfree
BIOS you can install a free BIOS, if you have one. That is, *in principle*
it's possible to replace the BIOS in any computer where the BIOS can be
upgraded. Getting a free BIOS for your particular motherboard is a so-called
simple matter of programming.
The point I'm trying to make is that there's a difference between an unfree
Sinit and an unfree BIOS, in that while you can *theoretically* replace the
BIOS, you will never be able to replace Sinit no matter how much you program,
because the TPM will reject any Sinit clone that isn't signed by Intel. (At
least that's what people seem to be saying around here.)
Björn Persson
Re: Trusted Boot in Fedora
By Jon Ciesla at 06/28/2011 - 10:08Honestly what I think it comes down to in the end, for me, is information.
We need to see more information in the Feature Request before this should
even have a shot, as the flurry of questions shows. Additionally, if the
information presented then clearly explains the situation, and all source
code is available and it meets our guidlines, then we're probably better
off with the technology available in Fedora than not. Vendors and RHEL
customers will likely want it at some point, so we may as well have it in
Fedora so that we can learn how to use it and how to counteract it if need
be. Of course, if more information shows there to be signifigant conflict
with our guidlines, then it's moot.
-J
Re: Trusted Boot in Fedora
By Simo Sorce at 06/27/2011 - 10:08On Mon, 2011-06-27 at 15:12 +0200, Miloslav Trmač wrote:
Trusting the manufacturer to not put bugs/backdoors is one thing.
Having to depend on the manufacturer to sign your boot sequence is
entirely different, doesn't scale and is generally not welcome.
If the manufacturer allows you to put in the TPM your own set of keys
then it's different as the user now has the power to do his own kernels
and sign them with his own key and have it verify by the TPM.
If the user trusts Fedora to do that he'd store a Fedora public key in
the TPM, if he doesn't he'll just not use TPM or re-sign kernels on
update on his own with his personal key.
Simo.
Re: Trusted Boot in Fedora
By Miloslav =?UTF-... at 06/27/2011 - 10:53On Mon, Jun 27, 2011 at 4:08 PM, Simo Sorce < ... at redhat dot com> wrote:
The hardware manufacturer _only_ signs the sinit blob. Any kernel/OS
you use can be measured/"protected" by the TPM without any further
involvement of the manufacturer.
Mirek
Re: Trusted Boot in Fedora
By Simo Sorce at 06/27/2011 - 11:14On Mon, 2011-06-27 at 16:53 +0200, Miloslav Trmač wrote:
How does the sinit blob verify the kernel ?
Can you add some documentation about that in the feature page request as
others have asked please ?
Thanks,
Simo.
Re: Trusted Boot in Fedora
By Miloslav =?UTF-... at 06/27/2011 - 11:27On Mon, Jun 27, 2011 at 5:14 PM, Simo Sorce < ... at redhat dot com> wrote:
It doesn't, really. My understanding is that it takes a hash of the
contents of memory (and perhaps other state, I don't know) and submits
this "measurement" to the TPM. The sinit blob doesn't contain any
policy or configuration: it is only a mechanism for reducing the
complete "system state" into a hash value.
The hardware owner configures the TPM so that submitting specific
"measurements" is required to use keys stored in the TPM. What those
keys do is not specified by the TPM: for example, they may be used to
allow access to an encrypted hard drive, or to sign the "remote
attestation" data.
Re: Trusted Boot in Fedora
By Tom "spot" Callaway at 06/29/2011 - 10:10On 06/27/2011 11:27 AM, Miloslav Trmač wrote:
One of my biggest concerns here is that we don't know what the
proprietary sinit blob is doing, nor do I think that it is likely that
Intel will show us.
It seems to me that the situation is this:
Intel has convinced some hardware vendors (IBM and Dell, possibly
others) to embed the sinit blob in their BIOSes on very new systems.
Intel wants Fedora to automatically check for:
A) The system's capability to leverage found TPM hardware
B) The presence of the sinit blob in the system BIOS
If A and B are true, then Fedora adds an additional grub configuration
for a "trusted-kernel" scenario. As uncomfortable as I am with us
enabling process around undocumented BIOS magic, there is some precedent
within the Linux kernel for that sort of thing.
It also sounded like Intel wanted hooks in there so if A is true, but B
is not, Fedora would prompt the user to download the sinit blob
(arguably, B will be false on the majority of Fedora systems for at
least the next few years). I am extremely opposed to this, for
presumably obvious reasons.
~tom
==
Fedora Project
Re: Trusted Boot in Fedora
By Miloslav =?UTF-... at 06/27/2011 - 11:282011/6/27 Miloslav Trmač < ... at volny dot cz>:
To avoid a misunderstanding, "hardware owner" is "the customer", not
"hardware manufacturer".
Mirek
Re: Trusted Boot in Fedora
By Bernd Stramm at 06/27/2011 - 10:29On Mon, 27 Jun 2011 10:08:44 -0400
On the subject of trust, may I repeat that this is at present entirely
undocumented. The feature page contains nothing whatsoever saying
what this is, except for a link to a sourceforge project.
The sourceforge project in turn contains nothing saying what the
software does. Nothing.
I have found something that looks related here
<a href="http://www.intel.com/technology/security/downloads/315168.htm" title="http://www.intel.com/technology/security/downloads/315168.htm">http://www.intel.com/technology/security/downloads/315168.htm</a>
but is that it? How would anyone know?
Re: Trusted Boot in Fedora
By =?iso-8859-1?q?... at 06/24/2011 - 10:02Andrew Haley wrote:
That's a good question. I get the impression that Sinit (as the blob seems to
be called) is from Intel. Intel is a hardware company. Selling licenses for
unfree software isn't their business model, and they're already involved in
writing free drivers for their graphics and wifi chips. If Intel is pushing to
have this feature included in Fedora, what prevents them from setting Sinit
free?
Björn Persson
Re: Trusted Boot in Fedora
By JB at 06/24/2011 - 03:25JB <jb.1234abcd <at> gmail.com> writes:
<a href="http://en.wikipedia.org/wiki/Trusted_computing" title="http://en.wikipedia.org/wiki/Trusted_computing">http://en.wikipedia.org/wiki/Trusted_computing</a>
TC is controversial because it is technically possible not just to secure the
hardware for its owner, but also to secure against its owner. Such controversy
has led opponents of trusted computing, such as Richard Stallman, to refer to it
instead as treacherous computing, even to the point where some scholarly
articles have begun to place quotation marks around "trusted computing".
JB
Re: Trusted Boot in Fedora
By Rahul Sundaram at 06/24/2011 - 04:07On 06/24/2011 12:55 PM, JB wrote:
If you have *specific* concerns, let's hear those. You seem to just
quoting parts of a public wiki page anyone can read. I don't see the
point of that
Rahul
Re: Trusted Boot in Fedora
By Clyde E. Kunkel at 06/24/2011 - 12:25On 06/24/2011 04:07 AM, Rahul Sundaram wrote:
Rahul,
Seems he is using references to support contentions...like a scholarly
journal article. With respect, just as you are free to criticize on
these mailing lists, he is free to speak on them as long as he follows
proper netiquette.
Re: Trusted Boot in Fedora
By Rahul Sundaram at 06/24/2011 - 11:04On 06/24/2011 09:55 PM, Clyde E. Kunkel wrote
The proper etiquette would be to use the reference once and state the
contention along with it. Not merely copy paste wikipedia article
content multiple times in a thread especially when you are confusing
remote attestation with remote access. What am I suggesting is a more
effective way. and less noise.
Rahul
Re: Trusted Boot in Fedora
By JB at 06/25/2011 - 03:24Rahul Sundaram <metherid <at> gmail.com> writes:
Now you know what it is ...
I think you are in over your head ...
Exactly, that's all you do ... your thought added value in the thread is zero.
Colorado Cops Arrest Man Who Hid Inside Toilet Tank At Yoga Festival
<a href="http://www.thesmokinggun.com/buster/toilet/colorado-toilet-tank-arrest-649031" title="http://www.thesmokinggun.com/buster/toilet/colorado-toilet-tank-arrest-649031">http://www.thesmokinggun.com/buster/toilet/colorado-toilet-tank-arrest-6...</a>
JB
Re: Trusted Boot in Fedora
By Kevin Fenzi at 06/25/2011 - 09:04...snip...
Can we move this back to technical, Fedora development related
discussion?
thanks,
kevin
Re: Trusted Boot in Fedora
By Camilo Mesias at 06/25/2011 - 12:26On Sat, Jun 25, 2011 at 2:04 PM, Kevin Fenzi < ... at scrye dot com> wrote:
I am slightly disappointed with this response, after all, to quote the
original message
"Fesco decided that we should probably have a broader discussion about
the topic"
I take it you / FESCO have had enough now?
-Cam
Re: Trusted Boot in Fedora
By Kevin Fenzi at 06/25/2011 - 12:41On Sat, 25 Jun 2011 17:26:08 +0100
No. I am saying that I personally have had enough of personal attacks
and side discussions on quoting styles. :)
I welcome posts back on the technical topic of trusted boot. ;)
kevin