-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Wed, Jun 06, 2018 at 09:24:54AM -0600, Trammell Hudson wrote:
> On Wed, Jun 06, 2018 at 04:55:25PM +0200, Marek Marczykowski-G??recki wrote:
> > [...]
> > But still, there is quite a bit of work with it. For example key
> > management.
>
> The key management issues are really difficult - I count over a dozen
> keys or passwords involved in the boot process and no easy way to
> manage them.
>
> > Since the initramfs is generated on user machine, there
> > needs to be a private key to sign it. This means each installation needs
> > to have its own key. [...]
>
> How much does the initramfs vary between installations? Is it possible
> to have an official one that is signed and distributed as part of the
> updates instead of generating it locally?
There are two factors:
- included hardware drivers (that's easy - we can include all of them)
- system configuration - including partition layout (partition UUID,
different values for root=, depending on LVM config or btrfs usage),
keyboard layout etc
The second point is partially embedded into initramfs (/etc/crypttab,
/etc/vconsole.conf) and partially provided via kernel command line. Both
things needs to be authenticated, so even if we reduce one of them (for
example move all the variables to the kernel command line), we will still
have a problem.
> My preference would be to adopt something like a read-only dom0 with
> a signed dm-verity root hash to ensure that the filesystems are unmodified.
> If users want to modify dom0, they would need to enroll their own keys
> and handle updates, but otherwise the qubes signing key could be used
> on the static dom0 root fs.
I agree that it would be a desirable goal, but it is unrealistic as long
as user interface (window manager etc) is part of dom0, as those things
are highly customizable and require ability to install packages in dom0.
But when we move GUI to a separate domain (hopefully in Qubes 4.1), that
would be much more realistic. It isn't clear at this stage whether we
could get rid of X server from dom0 in all the configurations (means -
great reduction of dom0 system), depending on GPU passthrough
reliability. So, a static, minimal dom0 is further away.
> For systems with user keys, it might be worth looking at what the Librem
> team is doing -- they have hooks to detect a kernel upgrade and initramfs
> regeneratation and prompt the user to plug-in their hardware token to
> re-sign the kernel/initramfs/config parameters. They also use the Heads
> firmware and the TPM counter to detect rollback attempts.
That's indeed interesting. I've seen a video of it, but haven't played
with actual implementation yet.
- - --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
- -----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlsYNWoACgkQ24/THMrX
1yxt9gf/eTI2Qy6m8SdrIQStjCUnB+SC58o2G/ZlRqUjFwkeByQCLvpnt0HOEpzy
V4mh5rJZABWNXmtvcCMYNNK0FX2PUcbRLvX7KpSYYTSQ5TqriiJYXSDcGmuM2EDY
0Xi+3EZDhDJO7UqA/kETAXolrep1yTNkaDNjVi75Af6xeewoOp4V4TwXAktJm4Ih
ggXsBvOSDiKwuoCx4qAECkvws/6Spq4ZjwkSFQiN3lr32/Oga6lA/7qicDZsX1tJ
nVgfI6qceiUkYXkQ5EdPlEoHg3EegX1klxAvgxTlkgLlUb7qvjSwrV9QVTzCzSgG
hc51uiDT+1ivoGtARDzpcYSIMKSNrQ==
=4mXa
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlsYNbYACgkQ24/THMrX
1yyk2gf+MFg+sBCSQ1t+mMu2NCkhTIDsAF59tznfVZ8VgCD2utQk6fqy4TH8o3oi
bWRPvOjYqQ2CUrHlrF29gUYAKSjk/g9rrjP1j6GFcYRtzhZ3sstbASOTL/ZxbIQo
qKmcqmYBMxvkgY0vbnd6kLE1v79lu64+NICblRo2uf5tNCDlCAqLnOS9E4adaAKK
SYVJ+H0gQ8hscfYEp8hniQewMYJjtksOFiBNt7rRRsPBVPdXHh02+QoTQawPsSLw
E1XuTm/nuGUanN13a7t5IvzHMql503V+FxOqF/tZHAhXXGD2aDzLSFvR8GNFADBX
k4uQqxcHmG4N8uiej9rjX2iP1NonzA==
=55MY
-----END PGP SIGNATURE-----