On Mon, Feb 8, 2021 at 4:47 PM Martin Whitaker mailing-lists@martin-whitaker.me.uk wrote:
On 07/02/2021 22:23, Chris Murphy wrote:
On Sun, Feb 7, 2021 at 2:08 AM Neal Gompa ngompa13@gmail.com wrote:
Hey all,
I discovered today that there's a new replacement for memtest86+ that appears to even have UEFI support called PCMemTest[0].
The main reason I call out to this is because we don't have a memory tester offering in our UEFI boot variant for the Fedora live media, and this is actively maintained (unlike memtest86+, which we currently use...).
Mageia is shipping this starting with Mageia 8[1], and we should consider shipping this with Fedora 34.
- A listed limitation: "When booted on a UEFI system, keyboard input
will only be seen if the CSM is enabled in the BIOS. Without this, the test will run, but you will be unable to alter the configuration."
- How does a CSM provide keyboard input to an EFI application? Or does
this mean with CSM enabled, we'd use the BIOS version of the memory tester; and with CSM disabled, we'd use the UEFI version of the memory tester?
On all the machines in my possession, enabling the CSM enables emulation of the keyboard controller ports (ports 0x60 and 0x64), even when booted in UEFI mode. That may not be true for all BIOSs of course.
OK. I'm confused (not unusual) and also ignorant of how the keyboard driver situation works on UEFI without the CSM enabled. Because without it enabled, I definitely have working keyboard on all my systems in EFI shell. That suggests the keyboard driver is available, isn't due to GRUB providing one.
I see GRUB has usb_keyboard.mod but I don't see it as one of the modules we're baking into Fedora's grubx64.efi. https://src.fedoraproject.org/rpms/grub2/blob/rawhide/f/grub.macros
I guess I'm trying to figure out the scope of the "does not have working keyboard with native UEFI plus Secure Boot" problem.
- As far as I'm aware, enabling CSM requires disabling UEFI Secure Boot.
Probably so. At which point you are limited to running the memory tests with the default configuration (which is to run all tests using a single processor).
As I don't use secure boot, I wasn't really motivated to start writing a replacement keyboard driver.
Yeah I definitely do not want Fedora in a position where anyone has to give users advice like "you need to disable UEFI Secure Boot" in order to do X. Be it testing RAM or anything else.
Chris Murphy wrote:
Yeah I definitely do not want Fedora in a position where anyone has to give users advice like "you need to disable UEFI Secure Boot" in order to do X. Be it testing RAM or anything else.
Why would anyone want to NOT disable Restricted Boot? (Assuming the firmware is not broken and lets them disable it, as it is supposed to.)
Kevin Kofler
On Mon, Feb 8, 2021 at 5:19 PM Kevin Kofler via devel devel@lists.fedoraproject.org wrote:
Chris Murphy wrote:
Yeah I definitely do not want Fedora in a position where anyone has to give users advice like "you need to disable UEFI Secure Boot" in order to do X. Be it testing RAM or anything else.
Why would anyone want to NOT disable Restricted Boot? (Assuming the firmware is not broken and lets them disable it, as it is supposed to.)
If you want to take the risk of acquiring a rootkit that can permanently take control of your firmware, that is up to you. It should not be a distribution recommendation to subject users to such bad advice.
Chris Murphy wrote:
If you want to take the risk of acquiring a rootkit that can permanently take control of your firmware, that is up to you. It should not be a distribution recommendation to subject users to such bad advice.
And the "good advice" would be to accept that your computer will only run operating systems approved by Microsoft and to accept a security model that prevents basic functionality such as hibernation, third-party kernel modules, etc.?
And for the record, my computer's UEFI firmware is so old that "Secure Boot" cannot even be enabled at all, even if I wanted to.
Kevin Kofler
On Mon, Feb 8, 2021 at 9:13 PM Kevin Kofler via devel devel@lists.fedoraproject.org wrote:
Chris Murphy wrote:
If you want to take the risk of acquiring a rootkit that can permanently take control of your firmware, that is up to you. It should not be a distribution recommendation to subject users to such bad advice.
And the "good advice" would be to accept that your computer will only run operating systems approved by Microsoft and to accept a security model that prevents basic functionality such as hibernation, third-party kernel modules, etc.?
Don't blame Microsoft for our failings. The fact that we can't do hibernation or offer an easy path for third-party kernel modules to function in a Secure Boot environment is *entirely* our fault. After shim->grub2, Microsoft's trust ends and ours begins. We use *our* certificate from GRUB onward.
The fact that hibernation is broken in Secure Boot is entirely the fault of the engineers that were in charge of developing the Fedora kernel and bootloader security mechanism, because they created the patch set that made it functionally impossible to make it work. That is, it's the LOCKDOWN feature layered on Secure Boot, not Secure Boot itself. It's obvious Secure Boot itself is no impediment to hibernation, since both Windows and macOS (both users of Secure Boot) can do hibernation just fine.
The fact that third-party kernel modules are nearly impossible to set up in Secure Boot is entirely the fault of engineers who designed the certificate trust mechanism to not offer a path for semi-interactive or non-interactive trust scenarios like we have for package and repository signatures. It is theoretically possible for third-party stuff to work in a Secure Boot environment, but the path to get there is so onerous because nobody who makes this stuff for Linux cares to make this easy to work with. The trust mechanisms for Secure Boot are not fundamentally any different from how trust works for GPG (they're both rooted in PKI architectures). The difference is that expanding trust at the Linux kernel level is deliberately under-documented and considered unsupported. Additionally, creating signed kernel module packages has been broken since the beginning, since nobody cared to actually *fix* the kernel module packaging system to account for it.
I've been trying to untangle this mess for months because I'm frustrated by how stupid the situation is and how we've never *tried* to make having a secure system easier.
None of this had to be this way. It is so by our own inaction, not by the action of Microsoft.
And for the record, my computer's UEFI firmware is so old that "Secure Boot" cannot even be enabled at all, even if I wanted to.
Meh. That means your computer was made before Microsoft started having vendors require UEFI firmware to include their keys for Windows certification (which was in 2006/2007). I'm surprised it still works. More power to you, I guess?
Neal Gompa wrote:
Don't blame Microsoft for our failings. The fact that we can't do hibernation or offer an easy path for third-party kernel modules to function in a Secure Boot environment is *entirely* our fault. After shim->grub2, Microsoft's trust ends and ours begins. We use *our* certificate from GRUB onward.
Sorry, there is a misunderstanding there. I did not intend to blame Microsoft for the restrictions within the kernel Linux imposed by the security model. There are 2 separate issues here:
1. Any operating system (in practice, the initial bootloader, shim in our case, but that is shipped by the operating system) must be signed by Microsoft to boot at all. AND 2. The security model prevents basic Linux kernel functionality.
Both are ultimately failures of the UEFI spec and not of Microsoft. Microsoft is not a party to issue 2 at all.
The fact that hibernation is broken in Secure Boot is entirely the fault of the engineers that were in charge of developing the Fedora kernel and bootloader security mechanism, because they created the patch set that made it functionally impossible to make it work. That is, it's the LOCKDOWN feature layered on Secure Boot, not Secure Boot itself.
The thing is, the engineers claim that this LOCKDOWN "feature" is necessary to comply with the Secure Boot spec. I know some other distributions have a different interpretation, which makes this security entirely moot, because if the non-locked-down kernels break the security model, it is enough to have one distribution offering a signature path to such a kernel and the security model is already broken. But despite that, Red Hat does not want to take the risk of being held responsible for breaking the security model.
It's obvious Secure Boot itself is no impediment to hibernation, since both Windows and macOS (both users of Secure Boot) can do hibernation just fine.
I don't know what they do differently. All I know is that it is not allowed by the Fedora kernel under Secure Boot restrictions.
There are also other, more subtle restrictions, such as banning even root from accessing kernel memory.
Meh. That means your computer was made before Microsoft started having vendors require UEFI firmware to include their keys for Windows certification (which was in 2006/2007). I'm surprised it still works. More power to you, I guess?
It is actually an ASUS P8Z68-V motherboard, introduced in 2011. It is labeled as "Windows 7 ready". According to: https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_b... the Secure Boot requirement was introduced with the Windows 8 certification in 2011, which my motherboard predates.
Kevin Kofler
* Neal Gompa:
None of this had to be this way. It is so by our own inaction, not by the action of Microsoft.
I agree. No one but Microsoft stepped up and was willing to control the key material.
I still wish we went the way of documenting how to disable Secure Boot in commonly used firmware implementations. Secure Boot does not offer any benefit to a platform designed to be as malleable as Fedora is. I tried to start that documentation, but I got the distinct impression it was unwanted.
Instead run-time disabling of Secure Boot support without reboot comes and goes, particularly in downstream kernels. Kernel modules are such an important diagnostic tool, and not everyone plans ahead and disables Secure Boot in case they need to load kernel modules later.
And for the record, my computer's UEFI firmware is so old that "Secure Boot" cannot even be enabled at all, even if I wanted to.
Meh. That means your computer was made before Microsoft started having vendors require UEFI firmware to include their keys for Windows certification (which was in 2006/2007). I'm surprised it still works. More power to you, I guess?
Last time I checked this, the Microsoft keys required for Windows certification were not those used to sign third-party binaries like the Fedora shim (the “Microsoft Corporation Third Party Marketplace Root”). You could see the difference in Hyper-V configurations, where the default Secure Boot configuration cannot boot Fedora.
Thanks, Florian
* Florian Weimer:
- Neal Gompa:
None of this had to be this way. It is so by our own inaction, not by the action of Microsoft.
I agree. No one but Microsoft stepped up and was willing to control the key material.
I still wish we went the way of documenting how to disable Secure Boot in commonly used firmware implementations. Secure Boot does not offer any benefit to a platform designed to be as malleable as Fedora is. I tried to start that documentation, but I got the distinct impression it was unwanted.
Instead run-time disabling of Secure Boot support without reboot comes and goes, particularly in downstream kernels. Kernel modules are such an important diagnostic tool, and not everyone plans ahead and disables Secure Boot in case they need to load kernel modules later.
(“run-time disabling of kernel lockdown“ is more accurate—but of course if there's an off switch for this feature, lockdown isn't very effective in the first place.)
And for the record, my computer's UEFI firmware is so old that "Secure Boot" cannot even be enabled at all, even if I wanted to.
Meh. That means your computer was made before Microsoft started having vendors require UEFI firmware to include their keys for Windows certification (which was in 2006/2007). I'm surprised it still works. More power to you, I guess?
Last time I checked this, the Microsoft keys required for Windows certification were not those used to sign third-party binaries like the Fedora shim (the “Microsoft Corporation Third Party Marketplace Root”). You could see the difference in Hyper-V configurations, where the default Secure Boot configuration cannot boot Fedora.
Thanks, Florian
On Mon, Feb 8, 2021 at 7:13 PM Kevin Kofler via devel devel@lists.fedoraproject.org wrote:
Chris Murphy wrote:
If you want to take the risk of acquiring a rootkit that can permanently take control of your firmware, that is up to you. It should not be a distribution recommendation to subject users to such bad advice.
And the "good advice" would be to accept that your computer will only run operating systems approved by Microsoft and to accept a security model that prevents basic functionality such as hibernation, third-party kernel modules, etc.?
This is such an old argument. I know you've been around in Fedora long enough to actually understand this stuff if you really wanted to at least not spread misinformation.
Microsoft does not approve or disapprove of operating systems. They have an EFI signing program for developers. They are signing just our shim bootloader. Fedora signs the other things in the boot chain.
Anyone can enroll their own signing keys with the firmware, sign the bootloader, kernel and kernel modules, including 3rd party. You can even mix and match signed binaries. And those binaries will comply with a Secure Boot enabled system just fine, without having Microsoft signatures on anything. Yes that's tedious and it would be better if it were easier than it is right now.
Windows supports hibernation, with UEFI Secure Boot enabled. We don't because Linux hibernation images are inherently insecure by design and thus are a loophole for thwarting the Secure Boot regime. Therefore a kernel lockdown policy is applied to disallow hibernation if Secure Boot is enabled. It can be fixed, but the resources to finish that work have not yet materialized.
Literally none of this is Microsoft's fault. And rootkits predate UEFI.
Chris Murphy wrote:
This is such an old argument. I know you've been around in Fedora long enough to actually understand this stuff if you really wanted to at least not spread misinformation.
I do not see how I am spreading misinformation. I think you are misunderstanding me. I do not intend to blame Microsoft for all the issues with the Secure Boot spec, they are only the monopoly for the signature of the initial bootloader. See my reply to Neal Gompa.
Microsoft does not approve or disapprove of operating systems. They have an EFI signing program for developers. They are signing just our shim bootloader. Fedora signs the other things in the boot chain.
Where have I claimed anything else? The fact is still that the requirement for Microsoft to sign the initial bootloader gives them veto power over any operating system running on users' computers.
And that is the one and only flaw (out of several) in the spec in which Microsoft is involved. The remaining issues are inherent to the spec itself.
Anyone can enroll their own signing keys with the firmware, sign the bootloader, kernel and kernel modules, including 3rd party. You can even mix and match signed binaries. And those binaries will comply with a Secure Boot enabled system just fine, without having Microsoft signatures on anything. Yes that's tedious and it would be better if it were easier than it is right now.
While I appreciate that the shim developers introduced this workaround (IIRC, it actually comes from openSUSE developers, not Fedora or Red Hat developers), this is absolutely impractical compared to just disabling the restrictions altogether.
Windows supports hibernation, with UEFI Secure Boot enabled. We don't because Linux hibernation images are inherently insecure by design and thus are a loophole for thwarting the Secure Boot regime.
I do not want my computer to impose a regime on me. I want to decide what I run on my own computer, I do not want my computer to decide for me. Say no to Treacherous Computing!
Therefore a kernel lockdown policy is applied to disallow hibernation if Secure Boot is enabled. It can be fixed, but the resources to finish that work have not yet materialized.
Even that will still not fix the other restrictions inherently caused by this security regime.
Literally none of this is Microsoft's fault.
I have never claimed otherwise.
And rootkits predate UEFI.
Yet, we were running just fine all these times without something like "Secure Boot".
Kevin Kofler
-
Chris Murphy -
Florian Weimer -
Kevin Kofler -
Neal Gompa