Lennart Poettering
Noone asked me, but if you are curious what my take on the recent sbat/SecureBoot kerfuffle is, I'll let you know anyway:
Frankly, I find SecureBoot ultimately pretty uninteresting tech. It casts a very wide net: it basically is a politically charged global allowlist, yet is useful as a very very lose denylist only, because it necessarily contains so so so much stuff. I think the value for security is relatively limited, because it it attempts to be universal, and hence can never be focussed.
Lennart Poettering
One beef I have with GNU/FSF folks btw, is that they started that abominable campaign against TPMs back in the day, completely misunderstanding that TPMs are kinda the "democratic" thing, and if anything they should have criticized SecureBoot, but not TPMs.
shironeko
Lennart Poettering
Much more interesting is Measured Boot when tying disk encryption to it. Various OSes, including Windows have been supporting this since about forever. And it's so much better: it basically makes no restrictions on what you can run on your PC. All it enforces is: my encrypted disk can only be decrypted if the OS of my choice is booted in the version of my choice. And that's a *way* more powerful concept, because it is *focussed* on your installation, because…
Lennart Poettering
…it is is "democratic", in the sense that anyone can do this without having to get their keys into some centralized keyring.
Hence, to me it implications of SB are simply not worth it, it brings very little to the table security wise, but creates massive headaches on deployment. MB otoh actually provides a high level of security, and you don't have to ask anyone to put together your own policies.
Hence if you ask me: focus on making MB a thing on Linux, and bother with SB only to the level…
Lennart Poettering
…you really have to.
(I am trying to do my part on this of course, i.e. in systemd we measure a lot of things during boot now, and our FDE logic is hooked up with it.)
[That all said, I think SB might have some value if you enroll your own keys, which however can only work on very specific hw, and in VMs, but is probably not a solution realistic for general purpose PCs]
翠星石
Lennart Poettering
@mjg59 on my windows laptop here bitlocker locks to 0, 2, 4, 8, 9, 10, 11. Which I think is today's default on modern Windows. (I certainly didn't change it). PCR 7 is not included interestingly.
And I think the TPM stuff in windows pretty much works, no?
systemd-pcrlock tries to lock to even more PCRs by default (but might exclude some if there are measurements we don't recognize).
Matthew Garrett
@pid_eins but the default Windows behaviour for measured boot is tied to secure boot because using anything other than PCR 7 is extremely fragile
Lennart Poettering
@duxsco my own focus with systemd is definitely on providing generic components that help make any Linux based systems more secure. hence, I do care a lot about solutions that provide security and can be deployed on *generic* systems in the wild, without prior knowledge of what they provide or not. It's the "general population", or the broader IT ecosystem I care about, not some nerdy niche.
duxsco
@pid_eins I think the general population doesn't care about Secure Boot and Measured Boot. Those who do and take the topic serious buy suitable hardware, e.g. without dGPU. Secure Boot without your own keys isn't worth the hassle.
Lennart Poettering
@duxsco yeah, I have doubts though that enrolling your own keys is something that can be made "just work" on general purpose PCs.
Yes, you can do it locally, if you know your hardware very well, or if you only care about VMs or so. But for the general population, I doubt self-enrolling is really an option. Too many problems given that hw extension cards provide signed firmware too.
duxsco
@pid_eins I see some use for Secure Boot, but only if you use your own keys (no shim), use Unified Kernel Images and use Measured Boot. I do exactly that:
https://digitalcourage.social/@duxsco/113028930852304053
Lennart Poettering
@josh well, if you open up access to your logs (protected via measurements or not) to players you don't want to use them, it's kinda your own fault. Just don't do that. If you web browser passes quotes of your system to the web, it's a bug in the browser, not a problem of the TPM.
Every computing is dual-use, if you so will, I fail to see why this one should be more or less "dual-use" than anything else.
Josh Triplett
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.