Received: by 10.223.185.116 with SMTP id b49csp738572wrg; Fri, 16 Feb 2018 06:28:36 -0800 (PST) X-Google-Smtp-Source: AH8x227MIh80e2hCXCBTb2Ek9KEVQS+7te5rjM5lfI5wsNRzwxwaYxEl/4fQgkLMwEdyU4GbFPIL X-Received: by 10.98.23.136 with SMTP id 130mr6237299pfx.43.1518791316274; Fri, 16 Feb 2018 06:28:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518791316; cv=none; d=google.com; s=arc-20160816; b=ffRYNQ6ic4aAhBoTAPF6K1lZdLfLsWBLryZvm48M3+j8hotsjA9Z0XlAKLSu7Og5Xu v3RD+3pS20jMgtOvmflulr3Hd2yXMDU3MLo1R0I13CS8adnN2+SyL4KEx1AbbEB2sfg1 nBY9RhYspyv/WKkN6J2N/HlRUwEn4tK/p+acg7eV6vweHdUnjenSbSzk1/cVQ7FlsTMC xXJ3QTbeUKBcmJlsGT11lofcn08QmvtMaRTaK+WNV4rNjvdGhwqKYVymuz0EsQfIwlEn VBninOUhrNO9bZp+oHULtX0digVsnz8HsCP9zHZDwdk7JJw7YKeM2vEVzjPIUAq0V+P9 R/Eg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=rBw38FdfcIK9PGC1cuXvOneBKHa01lpspwQg2y/BNyc=; b=ee88SzqGPKJGKKGhl3ilNfSJfdHZEtt+Oz7ZT+6yP50BNkJ2HWyVaKjdbO2mubs8Q6 rlkN2ght5X8rUXNIGvkALJv9NzsCxz/6eH65Cqn9Tj6rioANuHMLHNaj35Grdkk0iI3I T68ioTwQu5LOmQWYdO72Z8M2efp8416qYBiDI7/FxjKROGZ9tDzbpXd0+Q4j1sUjV1Oe qdKoELPF42DryYWIOLkBtzjLE0o7ZfqK5TH8mDRcFESLccglaES+xbR1K5rETo/QPwYW EO16igqJIUuuB09xIvl1D+92NdKX9E+5I0kgFKce63fVpFDMxhH+PS0vX9yh2+4OKHdx I4vw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=aWq3QLSU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n3-v6si1464089pld.150.2018.02.16.06.28.21; Fri, 16 Feb 2018 06:28:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=aWq3QLSU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1167100AbeBOTE0 (ORCPT + 99 others); Thu, 15 Feb 2018 14:04:26 -0500 Received: from mail-it0-f50.google.com ([209.85.214.50]:40218 "EHLO mail-it0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1161104AbeBOTEY (ORCPT ); Thu, 15 Feb 2018 14:04:24 -0500 Received: by mail-it0-f50.google.com with SMTP id v186so1795139itc.5 for ; Thu, 15 Feb 2018 11:04:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rBw38FdfcIK9PGC1cuXvOneBKHa01lpspwQg2y/BNyc=; b=aWq3QLSUje1D+UrsO5KXQZch8od9tRYUDkHxQJZKeJcx/mVMF7PYX26Er65lRs1Us4 ty8PuQbteb165q8Gy4sbV2KrUuvndXASQR108TjSer6rrMm5XOKiaSBf9Ko/FagRg/B0 qnFSsRZWuSBG/0UPYcwAJW5h/gOUlO5N+dzL8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rBw38FdfcIK9PGC1cuXvOneBKHa01lpspwQg2y/BNyc=; b=uFjTt/ZefUnvbInfbqksOvfC7QG2sZaTc/q8XdTr7hHtbaJYSDocQxTtkOPJbMIUcV DrMFu6ic+LEabU6QIMTN0NmmW5xzd1R4/yaXXOdl1bz9PICB0cFoJBY0xKfVTcPUttC0 3Bf+3QhC/V25XZWZ9bCW9ZcL4IA8g+Tggawiy6+10Gf0vBLfptOkD/VKxPvXxMflmWsM 3j/OUZ2h3c0jgdN895ZGxyjKY9itnTu9SDm3jS3+H5+E24QnnYrDkiSetGD321xRWj2j DV7bS2sqp6po3c3CVlNc2L5mCnoWlX3JebZNBss9uR6GMDP7egsOYippmWuxKF5RtRg2 Ungg== X-Gm-Message-State: APf1xPBQEx4TUKY8dAZ0TzfgEhtboEaD95dRNh35Cuv4O3D03dgaxii7 I2wzB5X4Yr7ZhzSh3ReP2RghRNRY/4Aq8E4qkq9UIA== X-Received: by 10.36.108.208 with SMTP id w199mr5021535itb.102.1518721463234; Thu, 15 Feb 2018 11:04:23 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.112.13 with HTTP; Thu, 15 Feb 2018 11:04:22 -0800 (PST) In-Reply-To: References: <1518612748.4749.29.camel@profitbricks.com> <1518614486.4749.33.camel@profitbricks.com> From: Ard Biesheuvel Date: Thu, 15 Feb 2018 19:04:22 +0000 Message-ID: Subject: Re: Read-protected UEFI variables To: "Austin S. Hemmelgarn" Cc: Benjamin Drung , Matthew Garrett , Jeremy Kerr , Matt Fleming , linux-efi@vger.kernel.org, Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org FYI https://marc.info/?l=linux-efi&m=151871896117989&w=2 On 14 February 2018 at 20:33, Austin S. Hemmelgarn wrote: > On 2018-02-14 08:21, Benjamin Drung wrote: >> >> Am Mittwoch, den 14.02.2018, 13:09 +0000 schrieb Ard Biesheuvel: >>> >>> On 14 February 2018 at 12:52, Benjamin Drung >>> wrote: >>>> >>>> Hi, >>>> >>>> I am exploring the possibility to store SSH and other keys in UEFI >>>> variables for systems that do not have persistent storage. These >>>> systems boot via network and need individual SSH keys which ideally >>>> should not be distributed via network. >>>> >>>> The plan is to write a small daemon that starts at boot and gets >>>> the >>>> SSH keys from EFI variables to individualize the system with SSH >>>> keys. >>>> I plan to release the code as free software. Simple proof-of- >>>> concept >>>> code: >>>> >>>> mount -t efivarfs none /sys/firmware/efi/efivars >>>> for key in ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_rsa_key; do >>>> dd ibs=1 skip=4 if=/sys/firmware/efi/efivars/${key}-89df11f4- >>>> 38e6-473e-ab43-b4406b76fba9 of=/etc/ssh/$key >>>> done >>>> >>>> I am not the first person having the idea to use UEFI variables to >>>> store keys: >>>> https://www.usenix.org/conference/srecon17asia/program/presentation >>>> /korgachin >>>> >>>> There is one problem: The keys should be readable only by root. >>>> When >>>> mounting efivarfs, all variables have the permission 644 which >>>> makes >>>> them readable by all users. I have different ideas how to solve it: >>>> >>>> 1) Hard-code a list of GUIDs that should be only readable by root >>>> in >>>> the kernel module. These modules would also be not set to >>>> immutable. >>>> >>>> 2) Instead of hard-coding GUIDs, add a kernel module parameter to >>>> specify the GUIDs. Maybe have a default list in the kernel module. >>>> >>>> 3) Add a mount option to specify the protected GUIDs. >>>> >>>> Feedback is welcome. >>>> >>> >>> I'd consider a patch that makes the permissions a mount option for >>> efivarfs, applying to all variables. The reason is that these >>> variables shouldn't have been world readable in the first place, and >>> I >>> am reluctant to make this overly complex. >> >> >> Having some variables (like the BootXXXX and BootOrder variables) world >> readable is useful. This allows normal users to run 'efibootmgr' to >> display the boot options. > > Some variables maybe (ISTR variables for things like the system time-zone or > the firmware locale settings, which _might_ be useful), but I would say the > boot variables are not on that list. The only practical application for a > regular (non-root) user to read those variables is to gather info for an > attack on the system. Anybody who legitimately needs to access them (either > for debugging the boot process, or changing the boot options) should have > administrative access to the system anyway, and even then they will usually > not need to read them. > > In fact, most of the UEFI variables fall into the same category, but even > more so, userspace has no legitimate reason to need to read them. You can > get an absolutely insane amount of info out of them on some systems, most of > which is a gold-mine for potential attackers. For the handful that may > actually be useful to userspace, most would be needed only during system > startup, and thus could safely be made readable by root only. >> >> >>> On the other hand, you should realize that UEFI was never designed to >>> keep secrets, and so whether it is a good idea to put secrets in UEFI >>> variables to begin with is dubious IMHO. >> >> >> If the UEFI is as secure as storing an unencrypted file on a hard >> drive, I am satisfied. Or do you have a better idea where to store the >> SSH keys for a diskless system that boots via network? >> > There really isn't any other option unless you're willing to put a small > amount of flash storage in the system somehow (maybe a small USB flash drive > connected directly to a USB header inside the system?). As far as the > security of UEFI variables, the same limitations as storing the data on an > unencrypted hard drive apply, with the addition that it's much easier to get > at them through stuff like Intel's AMT or IPMI than it is to read data off > of the hard drive.