
anaconda and UEFI A few Questions

asked 2012-06-07 14:59:27 +0000

lsatenstein

We know that Fedora will require a certificate from Verisign, to allow Fedora versions to boot with signing keys.

What about anaconda? Will there be a signing key for it? Will I be forced to boot from a DVD because booting from USB is not necessarily available or supported?

What about wanting to boot from a virtual machine? Will the VM have a virtual UEFI software?

Since the Flame virus which made the news the past few days could get around signing certificates, why submit normal users to this extra UEFI hassle?

Will the BIOS software be upgradable, when bios bugs are found? If I was a hacker, that is my "port of entry" to defeat all signatures.


2 Answers

2

answered 2012-10-04 21:55:24 +0000

What about anaconda? Will there be a signing key for it. Will I be forced to boot from a DVD because booting from USB is not necessarily available or supported?

Anaconda itself isn't signed; only the bootloader and kernel are really part of the signature scheme. Booting from a USB key on UEFI works the same way booting from a DVD does. There's no difference in terms of Secure Boot, and both will continue working just as they do now.

What about wanting to boot from a virtual machine? Will the VM have a virtual UEFI software?

That's a thing that may eventually happen, but it's unrelated to this.

Since the Flame virus which made the news the past few days could get around signing certificates, why submit normal users to this extra UEFI hassle?

The mechanism by which the Flame virus got around signing certificates wasn't a fundamental flaw in the signing and verification process - it was a bug which has been addressed, combined with a new collision exploit against MD5. The bug in question doesn't apply to UEFI's signing, and UEFI's signing policy doesn't allow MD5 hashes to be used, so that collision exploit won't help either.

Will the BIOS software be upgradable, when bios bugs are found? If I was a hacker, that is my "port of entry" to defeat all signatures.

That's up to your firmware vendor, but it's likely that Microsoft will be putting pressure on them in these cases. Only time will tell for sure.

In response to the other reply:

UEFI in virtual machines: Good question. If Secure Boot is enabled, all userspace code that touches hardware must be trusted, i.e., signed.

This isn't the case - the only things that really have to be signed or modified are the things which could be used to exploit an existing Windows installation if you incorporated them into a "bootkit". In practice, that means the bootloaders, the kernel, and kernel modules have to be signed, and userland tools won't be able to trigger DMA requests that they can directly influence. The latter bit of that means you won't be able to, for example, use setpci to remap pci devices, run non-KMS Xorg drivers, or run dmidecode. These are all things that you normally don't need to do anyway (and in the dmidecode case it's better handled through sysfs anyway.)

Presumably, UEFI firmware will be as updatable as its predecessor, BIOS. Today, BIOS updates can be downloaded from vendor and other sites with little or no security. We just assume it's OK. I doubt that will be the case with UEFI.

UEFI, when implemented according to the requirements for Windows 8, requires firmware updates to also be signed with RSA2048+SHA256. This will use a different set of keys than the bootloader signing keys.

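The firmware-update policy this answer describes (RSA-2048 with SHA-256, and no MD5 anywhere in the chain) as an added Python model; this is example code, not anything from the page or from Fedora's own tooling. The verifier enforces the algorithm policy before it does any signature math, so an MD5-based signature is refused even when it verifies arithmetically, and so is a correctly signed update under a short modulus. The key generation, the update container layout and the firmware image bytes are all constructed for the demo.

```python
import hashlib
import math
import random

# PKCS#1 v1.5 DigestInfo prefixes (RFC 3447). MD5 is listed only so that an
# MD5-signed update is recognised and refused, never accepted.
DIGEST_INFO = {
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
}
# The policy stated in the answer: RSA-2048 with SHA-256 for firmware updates.
MIN_MODULUS_BITS, ALLOWED_HASHES = 2048, {"sha256"}

def make_key(bits=2048, e=65537):
    # Constructed demo key pair (Fermat-tested primes: fine for a demo, not for
    # production). A real vendor key is provisioned in firmware, not generated here.
    def prime(b):  # top two bits set so that p*q has exactly `bits` bits
        while True:
            c = random.getrandbits(b) | (3 << (b - 2)) | 1
            if all(c % s for s in (3, 5, 7, 11, 13)) and pow(2, c - 1, c) == 1:
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), pow(e, -1, phi)

def _emsa(hash_name, image, k):
    # EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 DigestInfo || H(image)
    t = DIGEST_INFO[hash_name] + hashlib.new(hash_name, image).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def sign_update(key, image, hash_name):
    # Constructed update container: just the hash name and the RSA signature.
    (n, _), d = key
    k = (n.bit_length() + 7) // 8
    return {"hash": hash_name, "sig": pow(_emsa(hash_name, image, k), d, n)}

def verify_update(pub, image, update):
    n, e = pub
    # Policy is checked before the math: a valid MD5 signature is still refused,
    # and so is a correctly signed update under a too-short modulus.
    if update["hash"] not in ALLOWED_HASHES:
        return False, "hash algorithm not permitted: " + update["hash"]
    if n.bit_length() < MIN_MODULUS_BITS:
        return False, "modulus too short: %d bits" % n.bit_length()
    k = (n.bit_length() + 7) // 8
    if pow(update["sig"], e, n) != _emsa(update["hash"], image, k):
        return False, "signature does not match image"
    return True, "ok"
```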
1

answered 2012-06-07 19:00:44 +0000

joncr

updated 2012-06-07 19:01:20 +0000

  1. Fedora/Red Hat are not considering anything that requires Fedora users to buy a certificate from Verisign before they can install Fedora. Fedora will buy a certificate, at $99, from Verisign. Microsoft will sign Fedora's pre-bootloader. That boot loader will, in turn, launch Grub2.

  2. The question about Anaconda is better addressed to Fedora and Red Hat. However, since it runs after boot, I'd imagine it won't be affected. As I understand it, one obvious intent of having a signed pre-bootloader is to ensure Fedora install images do, in fact, boot on Secure Boot hardware.

  3. UEFI in virtual machines: Good question. If Secure Boot is enabled, all userspace code that touches hardware must be trusted, i.e., signed.

  4. UEFI is a replacement for BIOS. The industry, including Linux, is on board with UEFI. Secure Boot is, in effect, a capability implemented in UEFI to block attacks on an OS during the boot process. Whatever vulnerabilities Flame exposed won't persuade Microsoft to abandon Secure Boot.

  5. Presumably, UEFI firmware will be as updatable as its predecessor, BIOS. Today, BIOS updates can be downloaded from vendor and other sites with little or no security. We just assume it's OK. I doubt that will be the case with UEFI.

Linux users with Windows 8 hardware can always disable Secure Boot and proceed as they always have. The real problem is for Windows 8 users who want to dual boot Linux. They will need to enable Secure Boot if they want to continue to boot Windows.


Comments

Technically, UEFI should be updatable with a signed key. According to Matthew Garrett, you could also update with a flash writer, but I am not sure how it affects a project like flashrom.

misc (2012-06-09 06:10:19 +0000)

Stats

Asked: 2012-06-07 14:59:27 +0000

Seen: 343 times

Last updated: Oct 04 '12