Posted by LWN.net (syn_lwnheadline)
@ 2021-06-02 13:53:00


Garrett: Producing a trustworthy x86-based Linux appliance
Matthew Garrett has written up the long,
complex series of steps required to build an x86 device that only boots
code that the creator wants to run there. "At this point everything
in the boot process is cryptographically verified, and so should be
difficult to tamper with. Unfortunately this isn't really sufficient - on
x86 systems there's typically no verification of the integrity of the
secure boot database. An attacker with physical access to the system could
attach a programmer directly to the firmware flash and rewrite the secure
boot database to include keys they control. They could then replace the
boot image with one that they've signed, and the machine would happily boot
code that the attacker controlled. We need to be able to demonstrate that
the system booted using the correct secure boot keys, and the only way we
can do that is to use the TPM."
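
Why a rewritten secure boot database is visible to the TPM, as an added example that is not from LWN or from Garrett's write-up: firmware measures the Secure Boot variables into a PCR (PCR 7 in the TCG PC Client specification), and a PCR can only be extended, never set. The variable contents below are constructed and the event encoding is simplified.

```python
import hashlib
import hmac

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA-256(old PCR || event digest)."""
    return hashlib.sha256(pcr + digest).digest()

def measure_secure_boot_vars(variables) -> bytes:
    """Replay the firmware's Secure Boot measurements into a zeroed PCR."""
    pcr = bytes(32)  # SHA-256 bank, all zeroes at reset
    for name, data in variables:
        # Simplified encoding (assumption): real firmware hashes a
        # UEFI_VARIABLE_DATA structure, not name || 0x00 || data.
        event = hashlib.sha256(name.encode() + b"\x00" + data).digest()
        pcr = extend(pcr, event)
    return pcr

def with_replaced(variables, name, data):
    """Return a copy of the variable list with one variable's contents swapped."""
    return [(n, data if n == name else d) for n, d in variables]

def matches(expected: bytes, reported: bytes) -> bool:
    """Constant-time comparison of the expected and reported PCR values."""
    return hmac.compare_digest(expected, reported)

# Constructed sample contents, not real keys or certificates.
VENDOR_VARS = [
    ("SecureBoot", b"\x01"),
    ("PK", b"constructed-vendor-platform-key"),
    ("KEK", b"constructed-vendor-kek"),
    ("db", b"constructed-vendor-signing-cert"),
    ("dbx", b"constructed-revocation-list"),
]

# Value the appliance vendor computes once from the keys it provisioned.
EXPECTED_PCR = measure_secure_boot_vars(VENDOR_VARS)

if __name__ == "__main__":
    rewritten = with_replaced(VENDOR_VARS, "db", b"constructed-other-cert")
    for label, variables in (("vendor db", VENDOR_VARS), ("rewritten db", rewritten)):
        pcr = measure_secure_boot_vars(variables)
        print(f"{label:13} {pcr.hex()[:16]}... trusted={matches(EXPECTED_PCR, pcr)}")
```

On real hardware the PCR value reaches a verifier through a signed TPM quote or gates access to a sealed secret; this sketch covers only the arithmetic that makes the value depend on the database contents.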

