[haiku-development] Re: Design for signed packages

  • From: Axel Dörfler <axeld@xxxxxxxxxxxxxxxx>
  • To: haiku-development@xxxxxxxxxxxxx
  • Date: Mon, 24 Mar 2014 21:27:27 +0100

On 03/24/2014 07:55 PM, Jonathan Schleifer wrote:
> On 23.03.2014 at 23:17, Axel Dörfler <axeld@xxxxxxxxxxxxxxxx> wrote:
>> I don't think we should only support secure boot in combination with an
>> encrypted boot disk.
> Well, for it to actually make sense, full disk encryption is basically a must.
> An attacker can just place arbitrary binaries on the system to get control.

How so? If the boot loader is signed, and loads a signed kernel which loads signed packages, I don't quite see how encryption is a necessity.

> When the system is running, an attacker already needs to be inside the system
> to place binaries. So it's game over anyway.

It's not. If you have a trusted chain of signed packages, you can make sure the system is as clean as it gets.

> Even on Windows, for which SecureBoot was designed.

Not really. Windows signs its kernel, and kernel modules. So those are safe. If they had the means to secure the userland as well, it could be completely safe.

> Exactly. If the system is running and an attacker can modify files, it's game
> over. SecureBoot only protects the boot.
> When you use full disk encryption, an attacker can still modify your
> bootloader. Secure boot prevents that, but it does
> not prevent attacks on the running system.

That's actually up to the implementation.

> There is no way to prevent them with ports like Firewire, ExpressCard or
> Thunderbolt: They all allow accessing physical
> memory directly, without the OS noticing.

This all requires physical access to your system. The probability of that is pretty much zero for pretty much everyone in this world (unless you are an ATM machine). I personally don't see a need to waste time on such a solution.

The threat that is real for everyone is online.

Bye,
   Axel.
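The chain Axel describes (a trusted boot loader that verifies the kernel, which in turn verifies the packages it loads) can be sketched as a small verified-boot model. The following is an added example, not code from the thread or from Haiku's package system; for simplicity it replaces signatures with digests pinned by the preceding trusted stage (the root pin stands in for a root public key held by firmware), and the package names and contents are constructed. It shows why a binary an attacker "just places on the system" is refused at boot: it is not in the kernel's manifest, and rewriting the manifest changes the kernel image, which the boot loader then rejects.

```python
"""Toy verified-boot chain: root pin -> bootloader -> kernel -> packages.

Each stage image carries a manifest of the artifacts it may load next and
their expected SHA-256 digests. Real designs sign the manifest with a key;
here the digest pinned in the previous stage stands in for that signature.
"""
import hashlib
import json
from typing import Dict, List

MANIFEST_SEPARATOR = b"\n--manifest--\n"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def serialize_stage(code: bytes, manifest: Dict[str, str]) -> bytes:
    """A stage image is its code plus the manifest of what it may load.

    The manifest lives inside the measured bytes, so editing it (for instance
    to whitelist an extra binary) changes the digest of the whole stage.
    """
    return code + MANIFEST_SEPARATOR + json.dumps(manifest, sort_keys=True).encode()


def parse_manifest(image: bytes) -> Dict[str, str]:
    _, _, raw = image.partition(MANIFEST_SEPARATOR)
    return json.loads(raw)


def build_system(packages: Dict[str, bytes]) -> dict:
    """Constructed sample system (hypothetical contents, not a real Haiku image)."""
    kernel_image = serialize_stage(
        b"kernel v1", {name: sha256(data) for name, data in packages.items()})
    loader_image = serialize_stage(
        b"bootloader v1", {"kernel": sha256(kernel_image)})
    return {
        "root_pin": sha256(loader_image),  # held by firmware: the root of trust
        "bootloader": loader_image,
        "kernel": kernel_image,
        "packages": dict(packages),
    }


def verify_boot(system: dict) -> List[str]:
    """Walk the chain stage by stage; raise ValueError on the first mismatch."""
    verified = []
    if sha256(system["bootloader"]) != system["root_pin"]:
        raise ValueError("bootloader does not match root of trust")
    verified.append("bootloader")

    loader_manifest = parse_manifest(system["bootloader"])
    if sha256(system["kernel"]) != loader_manifest.get("kernel"):
        raise ValueError("kernel rejected by bootloader")
    verified.append("kernel")

    kernel_manifest = parse_manifest(system["kernel"])
    for name, data in system["packages"].items():
        expected = kernel_manifest.get(name)
        if expected is None:
            raise ValueError(f"package {name!r} is not in the trusted manifest")
        if sha256(data) != expected:
            raise ValueError(f"package {name!r} has been modified")
        verified.append(name)
    return verified


def boot_outcome(system: dict) -> str:
    """'ok' when the whole chain verifies, otherwise the reason it was refused."""
    try:
        verify_boot(system)
        return "ok"
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    clean = build_system({"haiku": b"base system", "webpositive": b"browser"})
    print(boot_outcome(clean))
    tampered = dict(clean, packages=dict(clean["packages"], webpositive=b"trojaned"))
    print(boot_outcome(tampered))
```

Note what the model does not cover, which is Jonathan's point: the checks run at load time, so a file modified while the system is up is only caught at the next boot, and nothing here addresses DMA from external ports.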
