Safeboot: Booting Linux Safely

I really like the philosophical approach here, even if it&#x27;s too finicky to put in practice today. I&#x27;m really sick of everything being made &quot;secure&quot;, when in fact the &quot;security&quot; is for someone other than the legitimate user of the thing. Phones, laptops, physical security systems, cars, the list goes on.<p>There was a post here yesterday (<a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=23149771" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=23149771</a>) about the (in)security of Linux, but the primary purpose of an OS is utility, not merely security. The leadership of the Linux project made very smart analyses of what priorities come first. Despite there being billions of insecure old devices scattered about, running old kernels, I think the kernel authors made the right call.<p>The problem rests with the manufacturers who abandoned support for those devices <i>and</i> left no escape route for users to update the kernels themselves. Most disgusting are these phone and car manufacturers, and apps, which have enabled wholesale spying on users for many years now. These devices are literal bugs, reporting realtime locations, conversations, and who knows what else to Big Brother.<p>Its a pleasure to see that some people still care enough to make the world a better place, in a way I can understand.

Slightly unrelated:<p>I currently have a custom platform key, packet everything I need for booting into a single image (signed with the custom platform key) and everything else is in a fully encrypted partition (lvm2 on dmcrypt). &quot;Decryption key&quot; is inserted via keyboard on boot, which is not to everyone&#x27;s liking but is what I want.<p>It&#x27;s not really hard to setup (on arch Linux) and works like a charm. ;-)<p>Through the drawback is that the initRamFs is only protected by the signature&#x2F;secure boot but not encrypted and combining it with some other boot related setup can be less straight forward then under a &quot;boring&quot; setup.<p>I.e. some of the thinks this project promises are already possible now, just not streamlined. Which is why it&#x27;s nice to have such a project.

&gt; fTPM tampering is out of scope since the ME is the root of all trust in the system<p>I&#x27;m wondering about this assumption. Hasn&#x27;t the ME previously been shown to be fairly straightforward to exploit?

If you&#x27;re interested in this kind of thing, Invisible Things Lab are really worth checking out <a href="https:&#x2F;&#x2F;theinvisiblethings.blogspot.com&#x2F;2009&#x2F;10&#x2F;evil-maid-goes-after-truecrypt.html" rel="nofollow">https:&#x2F;&#x2F;theinvisiblethings.blogspot.com&#x2F;2009&#x2F;10&#x2F;evil-maid-go...</a>

So what about this:<p>- Copy GRUB, bootlines for your system, your kernel and initrd to a WORM media like a bootable CD-ROM.<p>- Boot using CD-ROM.<p>- When boot completes, remove the CD-ROM.<p>Now you can&#x27;t attack my boot kernel or boot process because I&#x27;ve just physically separated it from the system and taken it with me. Even if it was there, the media is read only so you can&#x27;t modify it.<p>If I need to upgrade, I need to burn a new CD. CDs are cheap.<p>Using actual CDs would be impractical for many users, but a parallel could be implemented on a system with micro-SD card readers supporting removeable media and a physical read&#x2F;write or connection switch. Which, if we&#x27;re talking about physical switches for camera and mic, why not boot files?

Does anyone know if anything similar is possible with Windows? I am interested in the idea of signing the bootloader with your own keys to prevent other system images from being used on the system. It seems like such a system would provide much better anti-theft guarantees than existing solutions like CompuTrace&#x2F;Lojack.

I had originally hoped to enroll signing keys in the firmware of my X1 carbon until I read this post[1] on reddit claiming it has the potential to brick the laptop, and so far I haven&#x27;t found an official statement from Lenovo claiming otherwise.<p>[1] <a href="https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;thinkpad&#x2F;comments&#x2F;epadb5&#x2F;psa_dont_install_custom_secure_boot_keys_on_x1&#x2F;feig0js&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;thinkpad&#x2F;comments&#x2F;epadb5&#x2F;psa_dont_i...</a>

Sounds like what the T2 chip does on MacOS, which I also found interesting:<p><a href="https:&#x2F;&#x2F;duo.com&#x2F;labs&#x2F;research&#x2F;secure-boot-in-the-era-of-the-t2" rel="nofollow">https:&#x2F;&#x2F;duo.com&#x2F;labs&#x2F;research&#x2F;secure-boot-in-the-era-of-the-...</a>

Anyone interested in this might like keylime.dev - its open source remote boot attestation platform.

If every Linux user would boycott AMD to release their source, then we could have libreboot: <a href="https:&#x2F;&#x2F;libreboot.org&#x2F;amd-libre.html" rel="nofollow">https:&#x2F;&#x2F;libreboot.org&#x2F;amd-libre.html</a><p>ME vs PSP isn&#x27;t much of a choice. Of course POWER might be an option eventually, but isn&#x27;t for most of us currently.