-
-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better explain Heads functionnings and limitation #62
Comments
Should be considered in limitations when implementing linuxboot/heads#921 |
Another note of interest here is that Heads does not implement dmverity checks as of now (was in before, never really documented, could have worked with patches to QubesOS 3.2 but never happened for QubesOS, where I cannot find link to past discussions as of right now.) For QubesOS to support such setup (as safeboot goal) QubesOS disk layout and keeping QubesOS from constantly writing into the rootfs layer (which should not change outside of updates) needs to be implemented. |
The best Heads implements, as of right now, in my opinion, is:
Any other implementation proposed previously would lower the security offered. The above implementation comes with limits as well. In theory, it would be totally possible to:
On TPM-less USB Security dongle-only enforced remote attestation (firmware integrity remote attestation on USB Security dongle through HOTP):
On LUKS encrypted backup of key generation:
On LUKS encrypted partition replacing USB Security dongle:
|
@tlaurion More detail and better explanations are needed in the wiki but how would this be organized? This, when all together, seems like it lead to more questions from new users. Diagrams laying out where everything is stored and a glossary may be useful but seem like they are outside of the scope of this ticket. I'll open new ones. |
Sandy and Ivy bridge (xx20/xx30) get platform locking (no SPI write outside of Heads) through linuxboot/heads#326 |
Take into consideration #116 when updating docs to differenciate measuring and sealing operations. |
Detailed again what kexec*.txt files are for, as detached signed under kexec.sig under linuxboot/heads#1620 (comment) Time to work on docs! |
Discussion on bootguard vs bootblock RoT at https://matrix.to/#/!GzefHyBKGoKjOgarWV:matrix.org/$Fa2nJy6D0W0mNELnNzUJVYAXhZoVGn1Dw4Mqtmax9qg?via=dreamless.one&via=matrix.org&via=tchncs.de |
Edit: best unbiased, user written doc at https://tech.michaelaltfield.net/2023/02/16/evil-maid-heads-pureboot/
The following should go into a wiki page.
Actual Heads security mechanisms are:
Measured /boot, requiring a USB Security dongle to offload GPG operations (signing with private key in smartcard). The verification of detached signed /boot digest is automatic on each boot, verified against public key injected in firmware (and measured by TPM).
Firmware remote attestation (TOTP, HOTP) of measured firmware components, including GPG public key into PCR7, used to provide validation of detached signed digest of precedent step.
Disk Unlock Key, using NV TPM reserved space to release Disk Unlock Key when (1) (2) and LUKS header + Disk Unlock Key passphrase are valid, while rate limiting passphrase attempts by the TPM. (Note that if going into recovery shell, measurements are invalidated and this won't be successful)
Let's focus on (1) here.
For more information, please read: https://www.linuxjournal.com/content/why-smart-cards-are-smart
The text was updated successfully, but these errors were encountered: