[HN Gopher] Making hibernation work under Linux Lockdown
___________________________________________________________________
Making hibernation work under Linux Lockdown
Author : edward
Score : 83 points
Date : 2021-02-27 16:06 UTC (6 hours ago)
(HTM) web link (mjg59.dreamwidth.org)
(TXT) w3m dump (mjg59.dreamwidth.org)
| wheybags wrote:
| I wish hibernation would consistently work at all...
| finchisko wrote:
| It was mentioned in second paragraph, that there is basically no
| security that can be enforced since root, can load arbitrary
| modules into kernel.
|
| So, how does the localities of TMP, solve the problem of rogue
| root installing custom TPM kernel module, that have access to
| locality 1?
| mjg59 wrote:
| Once you're in the secure boot world, you enforce module
| signatures.
| jeffbee wrote:
| Why is hibernation even a thing? I can count the number of times
| I've wanted it on zero fingers.
| eMGm4D0zgUAVXc7 wrote:
| To prevent a machine with full disk-encryption from having its
| key in memory while you're not watching it:
|
| - With hibernation it is possible to store the hibernation file
| on the encrypted root partition so you will have to re-enter
| the password during boot.
|
| - With suspend-to-RAM, it would always be in memory.
| dividedbyzero wrote:
| I'd absolutely love to use it on my secondary machine, a
| desktop PC running Windows 10 - just hibernate and pick up
| right where I've been a few days later without leaving it in
| standby blinking its super bright LED aggressively. Sadly if I
| send it to hibernate the PC will always turn itself back on in
| the night, so no hibernate for me...
| mcv wrote:
| I really do not understand Windows 10. It really seems like
| Windows 10 laptops and PCs are unable to sleep. They keep
| waking up, and then refuse to sleep. Frequently I find my
| work laptop in the morning turned on by itself, screen on,
| fan blowing enthusiastically. Power management in Windows 10
| seems to be utterly broken. It certainly doesn't obey any of
| my settings.
| watermelon0 wrote:
| You should check `powercfg lastwake` via PowerShell, and
| Event Viewer, to determine what wakes up your PC.
|
| I had similar issues, and IIRC, I had to disable wakeups for
| network adapters in Device Manager.
| dividedbyzero wrote:
| I've tried lots of things from the first page of google
| results but I don't think I've tried that. Will give it a
| shot for sure!
| Karunamon wrote:
| Laptops, mostly, to maximize battery life. If I'm going on a
| flight, I'll charge and hibernate my system at home, bag it,
| then drive to the airport and get through security. This is
| about a 2 hours process and entails _zero_ battery drain.
| deathanatos wrote:
| But over suspend to RAM? Suspend to RAM eats through
| basically zero battery, and can trivially survive the plane
| flight. (I've taken my laptop on flights, drained the battery
| to <10% in the course of the flight, and had it spent the
| last several hours in suspend-to-RAM.)
|
| (There might be some discussion about security in America's
| airports, and their overzealousness towards illegal searches,
| and on that basis, I'd entertain hibernation as superior.)
| jeffbee wrote:
| But what's the real value over a cold boot? Wake from
| hibernate takes a lot longer than a cold boot, and to me it
| doesn't seem to save any time.
| watermelon0 wrote:
| You don't lose open apps, files, tabs, etc., so your work
| is not interrupted.
|
| I've not perceived any time difference between cold boot
| and wake from hibernation, on a decently fast SSD.
| l3s2d wrote:
| Which OS are you using? I've never noticed a difference
| between cold boot and hibernate on Linux.
| bscphil wrote:
| Anecdata: back in the days when I was using Ubuntu (pre-
| Unity) on what was even at the time moderately old
| hardware, there was an obvious difference. Standard
| bootup took 20-30 seconds, resuming from hibernation took
| multiple minutes.
|
| Just thinking about it on an abstract level, it's not
| that unintuitive that resuming from hibernation should be
| slower than both cold boot and resuming from sleep. When
| you cold boot you need to load the kernel and startup
| programs into memory. With hibernation you need to load
| the whole previous operating state into storage, which is
| going to mean multiple GBs need to be read from your swap
| partition into memory. It's not hard to imagine that on
| many systems the hard drive will be the slowest piece of
| hardware.
| jeffbee wrote:
| Are you sure you're including the amortized lifetime cost
| of whatever you had to do / whatever you will have to do
| to troubleshoot Linux resume-from-disk?
|
| I kid, but I do use Linux, it's just a Linux that doesn't
| even offer hibernate and boots cold in one second:
| ChromeOS.
| aritmo wrote:
| It was unfortunate to use that name Linux Lockdown. It was
| selected before COVID-19 though.
| TeeMassive wrote:
| I'm no kernel dev but yet I understood pretty much all of it.
| Well written!
| heavyset_go wrote:
| Matthew's blog is great, I've been subscribed to it for years.
| wizzwizz4 wrote:
| I'm always a little wary of technological innovations that stop
| the system administrator from being able to administer the
| system. I understand the concept of not trusting root, but the
| solution surely isn't "so make the manufacturer the _real_ root".
| There isn 't even a hardware override for this!
|
| Getting hibernation to work under Linux Lockdown is technically
| impressive, and now we know how it can be done. But _should_ it
| be done?
| rcthompson wrote:
| You put your computer into hibernation and walk away for a few
| hours, then come back and wake it up. Wouldn't it be nice to
| have a cryptographic guarantee that the image you are resuming
| from is indeed the same one you hibernated to? That takes away
| a possible attack vector.
| garaetjjte wrote:
| In that scenario attacker doesn't have access to root anyway,
| so disk encryption is sufficient to protect against this.
| userbinator wrote:
| _but the solution surely isn 't "so make the manufacturer the
| real root"_
|
| I think it's pretty clear what features like this are designed
| for. The mobile ecosystem and their walled gardens, where the
| manufacturers --- and Google --- certainly do want complete
| control (and it's a little funny to see the power struggles
| between them), and treat the users as nothing more than
| consumption-slaves to be milked for profit.
| GlitchMr wrote:
| Well, if you don't need Linux Lockdown, don't enable it.
|
| The problem Linux Lockdown fixes as follows: Microsoft
| BitLocker stores its key in TPM which is accessible to Ring 0
| code only. If the user would be able to run arbitrary Ring 0
| code they could bypass BitLocker without actually knowing the
| password.
|
| To prevent this, Secure Boot is being used which requires the
| kernel to be signed. To avoid the necessity for user to allow
| distribution key in UEFI settings, many Linux distributions
| sign their kernel using Microsoft keys and to make sure this
| couldn't be used to run arbitrary Ring 0 code (which could end
| up with Microsoft revoking their key). Linux kernel enforces
| various restrictions: no loading custom modules and so on.
|
| Hibernation is complicated with Linux Lockdown as during
| hibernation, kernel loads contents of swap disk into RAM.
| Somebody could make their own Linux distribution, use a signed
| kernel from Canonical and make sure the bootloader would load
| their own malicious swap disk which would bypass Secure Boot
| requirements.
| baybal2 wrote:
| And all of this makes zero sense, given that anybody can
| simply tap the TPM chip itself.
|
| All x86 TPMs are effectively pwned, and useless for their
| stated application.
|
| TPM never served any real security role.
|
| Making a system fully secure against a physical attack is
| impossible, and looks plainly silly to anybody knowing how
| computers work.
|
| Even specially protected credit card chips cost only few
| thousand dollars to extract a key from in the numerous
| "firmware recovery" shops.
| mjg59 wrote:
| You're going to have trouble "simply tapping" the TPM if
| it's implemented in the ME or the PSP.
| baybal2 wrote:
| Nevertheless, all standalone first gen TPM chips are
| such.
| geofft wrote:
| Wait - given that Ubuntu's signed shim/GRUB is willing to
| load unsigned non-EFI kernels, does that mean you can use it
| from a USB stick to unlock a BitLocker machine, without even
| messing with hibernation?
| bscphil wrote:
| Sibling comment says this doesn't matter because you can
| "just" tap the chip. I don't know if that's true, but
| practically, isn't the _real_ reason why this doesn 't matter
| is that there are a bunch of signed bootloaders that let you
| boot untrusted code? For example, famously, the Kaspersky
| rescue disk. [1] Even assuming that the key for this
| particular disk has been revoked, trusting this to protect
| your system seems rather fraught, as it's not good enough for
| _your_ kernel to be secure from ring-0 privesc, every single
| signed image in the world needs to be as well.
|
| Could be I'm missing something. Is it impossible to replace
| the boot disk entirely once Secure Boot is enabled? Hard to
| see how the hardware failure case would be handled.
|
| [1] https://habr.com/ru/post/446238/
| mjg59 wrote:
| > There isn't even a hardware override for this!
|
| You can always use mokutil to disable this.
| wizzwizz4 wrote:
| Unless the motherboard doesn't implement those APIs. It's
| difficult to tell until you've bought the computer - and my
| concern is that being able to change the keys might become a
| premium feature.
|
| Computers should be loyal by default.
| mjg59 wrote:
| Which APIs? I've never seen a motherboard where
| SetVariable() is sufficiently broken that mokutil won't
| work.
| wizzwizz4 wrote:
| https://askubuntu.com/a/1100577
| mjg59 wrote:
| Thanks - this isn't a case of not implementing APIs, this
| is a broken implementation. I'll look into it.
| ylyn wrote:
| Then just disable lockdown in your kernel.
| jeroenhd wrote:
| It's the administrator that enables or disables this feature,
| though. Laptops often come with some pretty advanced encryption
| hardware (the TPM) built in, and it's mostly useless silicon if
| you don't find a way to use it.
|
| The kernel trusts the hardware it runs on to do what it's
| supposed to do, unless it has some good reason to apply
| security restrictions to a device.
|
| _Real_ root turns on or off the hardware by configuring
| hibernation in lockdown or disabling it. Leave it disabled if
| you don't trust the TPM manufacturer, but I don't see a reason
| why not to use it to secure your operating system. Intel
| processors run a separate 486 CPU for scheduling reasons,
| there's so many potential security backdoors in the average
| laptop that I wouldn't worry about the TPM too much.
|
| In the end, this is just another trick that Windows could
| already securely do for years that Linux only just learned.
| "Can I hibernate without compromising kernel security measures
| when Windows can" isn't a great question to have to answer with
| "no, because..." if you want to advocate Linux to businesses.
| bonzini wrote:
| Do you have a source for Windows being able to use the TPM to
| attest the validity of the hibernation file?
| jeroenhd wrote:
| The TPM and TPM state are used to unlock the filesystem
| that contains the hibernation file. If the TPM state is
| altered, Bitlocker won't boot without a recovery key.
|
| Unencrypted Windows installations do not validate the
| hibernation file as far as I know.
|
| Then again, encrypting Windows is a lot easier than setting
| up TPM encryption on Linux. On Windows it's just a button,
| "enable Bitlocker". On Linux, you're reinstalling if you
| didn't enable encryption on startup or messing about with
| moving files in between encrypted and and unencrypted
| partitions, followed by random tutorials or Github shell
| scripts to enable the TPM. Or, if you don't care about the
| easy of use of the TPM, enter a passphrase during every
| boot.
|
| However, even on unencrypted Windows, you never needed to
| disable the system enforcing signature checks just to
| enable hibernation.
| my123 wrote:
| Without drive encryption, you cannot ensure that you have
| a secure system.
| [deleted]
| etaioinshrdlu wrote:
| Anyone else fondly remember when the TPM chip was considered the
| most evil chip in the world? Simpler times...
| userbinator wrote:
| ...or when something that seems almost innocuous today, a
| processor serial number, caused such a huge amount of
| opposition that it was actually removed:
|
| https://news.ycombinator.com/item?id=10106870
|
| Now, users are getting dumbed down and herded in the name of
| "security", and losing more and more freedoms every day...
| while being almost completely unaware of it.
| mcv wrote:
| I don't understand the issue at stake here.
|
| > _" if you were root you could just replace the on-disk kernel
| with a backdoored one and reboot."_
|
| Isn't this a vital necessity? You want to be able to update the
| kernel to a new version, don't you? Preventing root from being
| able to do vital system maintenance sounds to me like the
| opposite of what you want.
|
| If an attacker has become root, the system is compromised. As far
| as I know, security should focus on preventing an intruder from
| getting root access. Once the intruder gets root access, isn't it
| kinda pointless to worry about the kernel?
| saagarjha wrote:
| Related: https://news.ycombinator.com/item?id=26222160
___________________________________________________________________
(page generated 2021-02-27 23:01 UTC)