Qubes doesn't support secure boot unfortunately. I think it's batshit crazy to consider a PC even reasonably secure without it.
Hello,
I do understand using secure boot is not the perfect way, but it's not always possible to achieve this.
What we have is a custom BIOS that implements a nailed-down version of secure boot where we control the secure boot databases, so that should reduce the risk of a 3rd party allowing software that we don't want.
All that needs to be done from the Qubes side to accommodate this is to make sure the EFI executables are signed and make sure the certificate for the public key is available. Once this is done we can add this to our database and we can leave secure boot enabled when we use Qubes.
So basically my question to the Qubes maintainers is if they will be supporting this scenario at any point in time. If not, we are forced to create another scenario.
Thanks in advance for your cooperation,
Wim Vervoorn
That sounds insane, what systems are those? Yes, Joanna started saying things Richard Stallman had been saying for years. But it's still just a lot of "what ifs"...
In reality, and what we know as true facts, and what is, is that secure boot stops attacks like Hacking Team's Insyde BIOS exploit. Nothing else would. And yes these things can happen remotely, physical access is not required. An OS probably isn't even required. Even Richard Stallman has changed his tune and says secure boot is OK to use in its current state as a security feature. He half-heartedly admits he was wrong by saying Microsoft failed its intended purpose. So any FSF hippie nut still preaching against secure boot is just a hater. A hater of Microsoft, a hater of Red Hat, and someone who doesn't want to admit they were wrong.
I think it's insane to call any system even reasonably secure, without secure boot.
Hello,
Suppose I want to create a secure boot chain in another way, how do I do this for Qubes? As far as I can deduce from the security documents the packages are signed but the individual executables are not. Is this correct or am I making a mistake here?
Thanks
Stopped reading past your first sentence, because reality has already proven that wrong.
OK, I read on lol... My Raspberry Pi is an ARM processor, it's running Linux.
Easy, do secure boot with coreboot, he says. Ya, I'm sure we can all easily do that. /sarcasm
You say preventing modifications to the kernel is irrelevant. Which means you are failing to understand that the operating system is irrelevant.
I have to add another thing. It's nice to say that the motherboard firmware is libre, but it makes no difference to me cause I don't have the know-how to read or alter the code myself.
So you and Microsoft are no different to me because I still have to trust and rely on you because I'm just an avg noob. But IMO, it would be more naive and dangerous for me to buy a board or get tech support from some random stranger online, than it would be to use a monitored support service by paid employees, or a commercial product used by millions that can't be as easily altered from its factory state (minus gov't backdoors). I hope you don't take offense.
I mean the whole argument for libre and open source is having more eyes on the code. But what people don't understand is "eyes on the code" encompasses many things. Microsoft for example has "more eyes on the code" for the simple fact it's more widely used and more widely targeted by attackers. But it's not a security-focused OS unfortunately. Also, are we talking about good eyes or evil eyes? IMO, this ain't the 90s anymore and evil eyes are the wide majority now. Even Linus Torvalds has changed his tune the past couple of years.
And I have to put this out there, guys like Linus Torvalds, or Brad Spengler, would never use Linux at home for their family or personal use. They use Windows. I kid you not.
Number two, they have a respected reputation in the industry.
3. They don't seem to get involved in industry politics or get very emotional or tied to any status quos or value assumptions. They seem to care only about the code and what's practical for Qubes and nothing else seems to faze them. Almost robot-like.
All that being said we don't know if they are controlled by a nefarious government or not. Joanna always gets flak for saying that herself. So nothing can be 100% trusted. Ever. But compared to the alternatives...
Now he has to stop calling secure boot security theater, because a lot of people seem to believe it and take his word like gospel.
Is protecting the BIOS from rootkits its intended purpose? Seems so? It helps anyway, and it definitely was intended to protect the firmware. It's not just kernel code signing, it's driver code too.
I would also add: make a password on your BIOS, obviously, and enable flash protections.
I don't even think most of the ITL members use AEM, it sounds complicated and buggy and I can't afford to buy new hardware if it red-flags anyway.
To be honest, it really doesn't matter what OS you use, it's all about what the user does on it. When using Qubes the user still has to be careful. It doesn't matter if dom0 is compromised if a VM with sensitive info is. You really have to be strict with yourself.
You going to play online video games? Might as well use Windows.
Dual booting? Might as well just use Windows.
Disabling IOMMU features? Might as well just use Windows.
Worried about government spying? Might as well not use anything.
You have to live like a monk if you really want privacy.
I have a Windows machine and a Qubes machine. The Qubes machine is for offline documents, compartmentalizing specific website login activity, and random browsing. The Windows machine is for gaming and movies.
The guy Brad Spengler already warned dom0 and VMs can be compromised by bad system updates. And I believe this happened to me and led to my bank account being hacked. Also just after Intel announced their patch for the hardware backdoor that existed for 8 years.
Qubes did last almost 2 years for me though (minus gaming), when barebones Linux wouldn't last a day and Windows wouldn't last a couple of months. Simply because I refuse to give up doing the things I own a PC for. The other thing he warned about was using too much of the GPU in Qubes... I foresee that coming in the future with people demanding passthrough for it.
If you do decide to go back to Windows 10, hardenwindows10forsecurity.com also might interest you; hardenubuntu.com (scroll down to the harden ubuntu section). The user activities and the security and trust of the developers become the deciding factor after a point.
I don't think any operating system does it all. Just like a lot of people didn't think root privilege escalation in VMs, being trivial to bypass, was an excuse not to add that layer of protection. I think it's even worse not to use secure boot.
Also, if my hardware is compromised it really doesn't matter what OS I use at that point either.
lol... also cause his family hates Linux, and because as he has said "he just likes things to work in his old age". He used to be a Linux-only guy in college, then he grew out of it. He prefers to use VMs in Windows for his developing. He prolly feels his project is only for servers and professionals.
I've already explained this earlier, I'll try again. It really doesn't matter what OS you use, it's all about the user.
A Windows machine would be fine to do online banking on, as long as you are not doing much of anything else on it and not a huge target, imo. Guys like HDM use Windows for banking. In his words he doesn't care at all cause it's a consumer account, not a business bank account, so he has financial protections and doesn't care if he gets hacked. I don't look at things that way though, because being hacked would bother me regardless.
A lot of offensive hackers like him think everything is a victimless crime till it happens to them. They have to tell themselves that if they have any sort of conscience.
A hardened Linux boot CD-ROM would also be OK to use for banking, although all the projects I know of have been abandoned, and I've never used one with secure boot before, although I'm sure it's possible. But I don't have the patience to compile my own live CD.
Qubes definitely fills a gap for people wanting to do a little bit of everything on their computer when it comes to browsers and offline documents. When you are doing random browsing or going to sketchy sites, or want to isolate offline files all on the same machine, isolate certain programs from the rest of the system, Qubes is a lot easier and more resource-friendly to use than setting up your own Windows or hardened Linux box with VMs. Plus there are more security features than the avg person could implement themselves.
Experts have problems even implementing similar features on Linux systems with KVM.
But Qubes still relies a lot on user habits, and in fact the user learning new habits. So Qubes does require even more discipline than Linux or Windows, to get the full benefits of using it, imo. But I think the avg person can easily get used to it.
And like I said it took almost two years to compromise my Qubes machine; doing the same tasks on a Windows machine would take a month or two. And with Linux only days. This is my personal experience since 2008, of course I have no proof. If you were to ask me during the Windows XP days? I would immediately say Linux is more secure. But times change.
Well, Linux Mint is even worse for security than other Linux boxes, like Fedora or Debian. Because the Linux Mint devs themselves say security is not their priority, and they hold back updates to ensure stability. But that means you are getting patches way later than you should. They forget to sign stuff sometimes, don't renew their website certs, don't even use good encryption for sig files. A hacker was even putting out a backdoored ISO on their site last year, I believe.
If you really want to use Linux I would recommend Debian, where you can easily encrypt all partitions and the devs take security seriously. Plus it's the easiest Linux to compile your own hardened kernel for.
But like I keep saying it all depends on the user and I am only giving you my personal experiences based on how I've used my own PC.
Hello Marek,
This is clear. Do you have any plans to do this in the future?
Best regards,
Wim Vervoorn
In the meantime, I recommend a partial workaround.
Protect the BIOS from some forms of tampering:
1. Use a machine with a BIOS password that prevents software-based flashing when a BIOS password is set. Many "enterprise class" laptops from Lenovo/Dell enforce this. You can test it yourself. There's some interplay between this rule and the "only accept manufacturer-signed firmware" rule. Both can be worked around with hands-on access to the machine and the will to do it, though.
Protect the drive data from some forms of tampering, including some forms of hands-on tampering:
2. Use a self-encrypting SSD (most recent Crucial/Samsung drives) with either a) ATA password protection* or b) using OPAL w/ open-source sedutil.
Belt & suspenders and all that (do you trust the drive hardware encryption manufacturer...maybe? maybe not?):
3. On top of the hardware encryption, use an OS (such as Qubes) that software-encrypts the non-boot portion of the drive.
Option #2b is worth looking up, TCG Opal via sedutil is quite nice.
Let me explain #2a:
Historically ATA Password was a hack that was easy to work around using various bits of software (for really poor implementations) or a combination of hardware/software systems that exposed the manufacturer test/programming signal lines via the jumper pin headers. Software that utilized this out-of-band interface was developed that called manufacturer routines to unlock the drive in several ways. These techniques were discovered by trial & error or leaks, and built primarily by Eastern European and/or Russian data recovery companies. In the end, good data recovery shops could recover data from ATA Password locked drives (not to mention good/bad governments).
TCG Opal's incorporation of ATA Password into their Self Encrypting Drive design standard changed all that.
Contemporary Opal 2 supporting drives (e.g. most consumer-level and enterprise-level Samsung or Crucial SSDs) treat ATA Password as "Security Class 0" whereas Opal is meant to be used with the feature set in "Security Class 2" (e.g. as provided via sedutil). In both Classes, the drive's user-area data is always stored encrypted with an initial factory-generated key, which is user replaceable.
If Opal's locking range support or an ATA Password is not configured (or when you disable either), the drive's user-area data is still encrypted at rest, but at power-on it automatically unlocks because: effectively you have a null password/configuration. Either the key is stored in the clear or the empty password/configuration value is passed to a secure hash function and the hash output is used to decrypt the drive's user-area key. The key is then loaded and used to decrypt the user-area data.
When an ATA Password is set, the password (or whatever the BIOS translates what you type to...) is passed to a secure hash function, the output of which is used to symmetrically encrypt the drive key, and the newly-encrypted key is then written back to the drive over the old encrypted drive key or clear key.
So, when the ATA Password is used instead of the more complex Opal configuration: on power-up the drive asks for a password, the entered password is run through a hash-based algorithm to decrypt the drive key and unlock the drive.
Importantly, these drives also support the ATA Sanitize/Crypto Scramble Ex function which randomizes the drive user-area key. Remember I said that the key is set at the factory. You can change it! Calling the function instantly destroys the existing user-area key and creates a new one. If you don't trust the factory key, I recommend this as a first step before putting your data on the drive. Lenovo has a utility for this for Thinkpads, Seagate's SeaChest utilities now also support this, hdparm may have added support too, I think.
Depending on the drive, you can see the result of the Crypto Scramble Ex call on non-zeroed flash blocks. Test: write a sector with non-zeroed data you recognize, read the sector, see the ordered non-zero data, call the Crypto Scramble Ex function, read the same sector, see what appears to be random data.
What was stored in the flash did not change, but the key used to decrypt data from the drive is now different. Effectively, the drive is erased: the entire user-area of the drive is now random data or zeroes. Even physical flash blocks not assigned to logical flash blocks (e.g. trimmed but not yet erased; or retired due to bit errors) no longer have a key stored in the drive configuration that can recover any data from them.
Brendan
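As an added illustration of the key handling Brendan describes above (null password auto-unlock, an ATA password re-wrapping the drive key, and Crypto Scramble Ex regenerating it), here is a constructed Python model; it is not code from this thread or from any drive vendor, and it uses HMAC-SHA256 in counter mode as a stand-in for the drive's AES, with a hypothetical verifier tag so a wrong password can be detected.

```python
import hashlib, hmac, os

def _stream(key, nonce, length):
    # Stand-in for the drive's AES: HMAC-SHA256 in counter mode keyed by `key`.
    out = b"".join(hmac.new(key, nonce + c.to_bytes(4, "big"), hashlib.sha256).digest()
                   for c in range(0, length, 32))
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _wrap_pad(password):
    # ATA password (b"" = the "null password" of Security Class 0) -> hash -> key-wrapping pad.
    return _stream(hashlib.sha256(b"ata-password:" + password).digest(), b"wrap", 32)

class ToySED:
    # Toy model of an Opal / ATA-password self-encrypting drive (constructed, not a real drive).
    def __init__(self):
        self.flash = {}                           # physically stored data: always ciphertext
        self._install_dek(os.urandom(32), b"")    # factory key, wrapped under the null password

    def _install_dek(self, dek, password):
        self.wrapped = _xor(dek, _wrap_pad(password))              # encrypted key on the drive
        self.check = hmac.new(dek, b"verify", hashlib.sha256).digest()  # hypothetical verifier
        self.dek = dek                                             # plaintext key in drive RAM only

    def power_on(self, password=b""):
        # With no password set, the empty string still unwraps the key, so the drive auto-unlocks.
        dek = _xor(self.wrapped, _wrap_pad(password))
        ok = hmac.compare_digest(self.check, hmac.new(dek, b"verify", hashlib.sha256).digest())
        self.dek = dek if ok else None
        return ok

    def power_off(self):
        self.dek = None

    def set_password(self, new_password):
        assert self.dek is not None, "drive is locked"
        self._install_dek(self.dek, new_password)   # re-wrap the same key; flash is untouched

    def write(self, lba, data):
        assert self.dek is not None, "drive is locked"
        self.flash[lba] = _xor(data, _stream(self.dek, lba.to_bytes(8, "big"), len(data)))

    def read(self, lba):
        assert self.dek is not None, "drive is locked"
        return _xor(self.flash[lba], _stream(self.dek, lba.to_bytes(8, "big"), len(self.flash[lba])))

    def crypto_scramble(self):
        # ATA Sanitize / Crypto Scramble Ex: new random key, password cleared, flash bytes unchanged.
        self._install_dek(os.urandom(32), b"")
```

Running the sector test from the post against this model: the bytes in `flash` never change across a scramble, but `read()` returns what looks like random data afterwards because the key that decrypted them is gone.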
https://ruderich.org/simon/notes/secure-boot-with-grub-and-signed-linux-and-initrd
Seems as if people have only implemented this for Debian-based systems.
It does not address the BIOS/firmware tampering portion of AEM, though there are some mitigations in place when a BIOS password is used, depending on manufacturer.
Just FYI.
Brendan
Sigh... Trying to sell some hardware again? No one mentioned Microsoft. And I don't think anyone said it's a deal breaker. Mind boggling you don't realize all the major Linux distros already use this technology. It's for a reason.
And Xen is stopping us according to Marek. Hopefully it will be possible in Qubes 4.1, which is being developed to use a later Xen version.