mjg59
One of the benefits of the Shim approach of bridging trust between the Microsoft key and our own keys is that we can define whatever trust policy we want. Some of the feedback we've received has indicated that people really do want the ability to disable signature validation without having to go through the firmware. The problem is in ensuring that this can't be done either accidentally or via trivial social engineering.

We've come up with one possible solution for this. A tool run at the OS level generates a random password and hashes it. This hash is appended to the desired secure boot state and stored in an EFI variable. On reboot, Shim notices that this variable is set and drops to a menu. The user then selects "Change signature enforcement" and types the same password again. The system is then rebooted and Shim now skips the signature validation.

This approach avoids automated attacks - if malware sets this variable, the user will have no idea which password is required. Any social engineering attack would involve a roughly equivalent number of steps to disabling Secure Boot in the firmware UI, so it's not really any more attractive than just doing that. We're fairly confident that this meets everyone's expectations of security, but also guarantees that people who want to run arbitrary kernels and bootloaders can do so.
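The two halves of the mechanism described above, the OS-level tool that writes the request and the check shim performs at its menu, as an added example in Python. This is not shim's code or the tool Matthew describes; the variable name, the payload layout (state byte, salt, SHA-256 of salt and password) and the password alphabet are assumptions made for illustration.

```python
"""Added example, not shim's own code: a password-gated request to change
signature enforcement, modelled on the scheme described in the post.
Variable name, payload layout and hash choice are assumptions."""
import hashlib
import hmac
import secrets
import string
import struct
from typing import Optional, Tuple

ENFORCE_SIGNATURES = 0   # shim validates signatures (the default)
SKIP_SIGNATURES = 1      # shim skips signature validation
VALID_STATES = (ENFORCE_SIGNATURES, SKIP_SIGNATURES)

SALT_LEN = 16
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes
PAYLOAD_LEN = 1 + SALT_LEN + DIGEST_LEN
# Hypothetical variable name; the post does not name the real one.
REQUEST_VARIABLE = "SBStateChangeRequest"

PASSWORD_ALPHABET = string.ascii_letters + string.digits


def generate_password(length: int = 10) -> str:
    """Random one-time password the OS-level tool shows to the user."""
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


def hash_password(password: str, salt: bytes) -> bytes:
    """H(salt || password); the salt keeps the stored hash unique per request."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def build_request(desired_state: int, password: str,
                  salt: Optional[bytes] = None) -> bytes:
    """OS side: desired state || salt || H(salt || password).
    This is the blob the tool would store in the EFI variable."""
    if desired_state not in VALID_STATES:
        raise ValueError("unknown signature-enforcement state")
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)
    if len(salt) != SALT_LEN:
        raise ValueError("bad salt length")
    return struct.pack("<B", desired_state) + salt + hash_password(password, salt)


def parse_request(payload: bytes) -> Tuple[int, bytes, bytes]:
    """Shim side: reject malformed variable contents before acting on them."""
    if len(payload) != PAYLOAD_LEN:
        raise ValueError("malformed request variable")
    state = payload[0]
    if state not in VALID_STATES:
        raise ValueError("unknown requested state")
    salt = payload[1:1 + SALT_LEN]
    digest = payload[1 + SALT_LEN:]
    return state, salt, digest


def apply_request(payload: bytes, typed_password: str,
                  current_state: int = ENFORCE_SIGNATURES) -> int:
    """Shim side, at the 'Change signature enforcement' menu entry.
    Returns the state shim should boot with: the requested one only if the
    typed password matches the stored hash, otherwise the unchanged current
    state.  A malformed variable is ignored rather than trusted."""
    try:
        requested, salt, stored = parse_request(payload)
    except ValueError:
        return current_state
    if hmac.compare_digest(hash_password(typed_password, salt), stored):
        return requested
    return current_state


if __name__ == "__main__":
    password = generate_password()
    request = build_request(SKIP_SIGNATURES, password)
    print(f"store {len(request)} bytes in {REQUEST_VARIABLE}; tell the user: {password}")
    # A request the user never asked for cannot be confirmed at the menu,
    # because the user has no idea which password it was built with.
    print("state after a wrong password:", apply_request(request, "guess"))
    # The user who ran the tool types the password shim asked for.
    print("state after the right password:", apply_request(request, password))
```

The constant-time comparison and the rejection of malformed payloads are the parts worth carrying over to any real implementation: the variable is writable from the OS, so shim has to treat its contents as untrusted input and only ever move to the requested state after the user has proven they ran the tool.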

Approach eases social engineering attacks

Date: 2012-10-19 02:58 pm (UTC)
From: (Anonymous)
Any social engineering attack would involve a roughly equivalent number of steps to disabling Secure Boot in the firmware UI, so it's not really any more attractive than just doing that.

I thought firmware UIs are so diverse that it is unreasonable/impossible to guide users to the secure boot options. Luckily, this makes it very hard to attack masses of users with single social engineering attacks.

Now the Shim provides a uniform mechanism that can be exploited by a single social engineering attack? ("There is a problem with the signature validation process of your computer. To fix this problem, please reboot and enter 09sifd5b when asked for a password." CLICK-HERE-TO-REBOOT)

Am I getting something wrong? For me it looks like you're increasing the attractiveness of these kinds of attacks a lot.

Re: Approach eases social engineering attacks

Date: 2012-10-19 03:49 pm (UTC)
From: (Anonymous)
I think he is. The shim should just boot into grub, and have a configuration file to see if the user wants to enable secure boot signature signing ot not

Re: Approach eases social engineering attacks

Date: 2012-10-19 03:49 pm (UTC)
From: (Anonymous)
I meant or not ot

Re: Approach eases social engineering attacks

Date: 2012-10-20 01:09 pm (UTC)
From: (Anonymous)
"I thought firmware UIs are so diverse that it is unreasonable/impossible to guide users to the secure boot options."

While I'm impressed by Matthew's work, I never understood this (fundamental!) argument of his.

1. There are NOT that many BIOS vendors and there are NOT that many different BIOS interfaces.
2. People need to mess with their BIOS ANYWAY to boot from a CD or USB stick!
PS: I know and like and use GRUB4DOS but it's much less newbie friendly than all the above.

Re: Approach eases social engineering attacks

Date: 2012-10-21 09:41 pm (UTC)
From: (Anonymous)
"It's different for pretty much every laptop vendor, and often within different ranges from the same vendor."

Not my experience. Maybe I don't see the subtle differences any more. Or I've just been lucky.


"there's a separate interface for choosing a one-off boot device"

Only on not too old PCs but you're right it really makes things easier. It's still not the pinnacle of user friendliness though.

"..., and entirely untrue with UEFI."

Sorry if I missed one of your previous blog posts but... what are you referring to here? I've installed Linux on a number of (non-secure) EFI laptops already and it was not any different from any pre-EFI laptop. What did I miss?

(In fact, for most of these laptops it was actually hard to notice they were using EFI at all)

Re: Approach eases social engineering attacks

Date: 2012-10-23 11:29 pm (UTC)
From: (Anonymous)
Why do Windows 8 PCs not initialize the keyboard before boot? How would anyone go into the firmware to disable secure boot or set the system clock?

Re: Approach eases social engineering attacks

Date: 2012-10-24 05:31 pm (UTC)
From: (Anonymous)
How would I enter the firmware menu from Linux?

Re: Approach eases social engineering attacks

Date: 2012-10-24 06:21 pm (UTC)
From: (Anonymous)
How would I set that flag?
