Boot chain security


#1

Is it possible to have a secure boot process on the librem? i.e. if I measure bios, grub, etc. into the TPM, can I be assured that nobody can reflash the BIOS without disrupting that chain?


#2

It is very difficult to create a completely secure boot chain in a modern CPU architecture, including the Intel architecture on the Libre. I have read some papers by Joanna Rutkowska, the founder of Qubes project–these are a good reference to understand the problem. The anti-evil-maid component to Qubes attempts to reduce the attack vectors around the boot chain, but it is not perfect.

From a practical standpoint for an attacker though, these methods can impose resource and time costs that make the attack more challenging. If the attacker only has a few hours with your laptop, and is not intimately familiar with any integrity checks you have in place, I believe their odds of evading detection could drop significantly.

Some reference material (both by Joanna Rutkowska):


http://blog.invisiblethings.org/2015/12/23/state_harmful.html

A recent presentation by her on the way forward

Another recent presentation (by Matthew Garrett)


#3

THanks for the reply, but I’m not asking if there’s any absolute security and no possibility of bugs. I read that the BIOS can be modified by the user, so, for instance, coreboot could be loaded at some point. If the BIOS isn’t measured into a PCR, or it measures itself into a PCR, then there’s no secure boot chain; in a static root of trust at least. It is possible that TXT can be used to build a dynamic root of trust, but I think that falls down a lot if the BIOS is untrusted.


#4

So what is the status on this? Can I turn secure boot on or use Qubes’ anti-evil maid setup?


#5

Can you tell us more about this? I’d like to find out more details.


#6

I don’t see what would stop you from installing anti-evil-maid (see https://www.qubes-os.org/doc/anti-evil-maid/) or even heads the conventional way if you satisfy the hardware requirements (as the case for more recent librem laptops), though I myself ran into some issues with the former. So I guess you can either go ahead and try to set it up, or wait until the Purism guys finish up their integration work and get the Purism version of Heads with a Librem key, once it works and is nicely documented.


#7

I thought it is already? It’s already in the docs, called Pureboot.