Comments (4)
This is already planned - that's why we wrote the chainloading support in stage 1 in Rust, to make sure when secure boot comes that it isn't vulnerable to memory corruption issues (particularly in the FAT32 support).
However, I want to offer proper secureboot that integrates with the SEP too, so I'm not in a rush to implement this until we better understand how that all works. In the meantime, the evil maid hole is easy to plug: just enable FileVault in macOS. That will gate all recovery actions behind entering your macOS password (including booting installers from USB; booting OSes from USB ls not really supported at all on these machines and would require your password already to set up the boot policy anyway).
from m1n1.
Also is there maybe a list of all of the config variables for stage 1?
from m1n1.
Is there any information about reverse engineering of SEP? There is already a TRNG API in sep.c .
from m1n1.
(Some notes from IRC that're suitable for this issue)
<marcan> that's a fair point, but a bit tricky... and at that point, it might actually make sense to make m1n1-stage1 able to boot multiple stage2s. That also, conveniently, solves the device tree incompatibility problem, by allowing separate DTs for each kernel.
<DmitrySharshakov[m]> We can use AES + password-derived key I guess. recoveryOS part of the installer generates the keypair, burns pubkey into m1n1-1, and encrypts private one to be stored in the ESP
<marcan> that's a bad idea, it lowers the security guarantees of the platform
<marcan> it's not possible to guarantee secure erasure of such a key file (this is why apple have effaceable storage), and therefore you potentially forever tie the security of secureboot to the user password, even if they change it
<marcan> but if we can do SEP-backed FDE that's much better and solves this problem
<marcan> ideally we figure out some SEP voodoo to allow wrapping the key file with that in macOS in a way that is then accessible again from Linux, but I'm not entirely sure that's possible, though it ought to be, since FileVault works like that?
<DmitrySharshakov[m]> At least that 'first approach' I suggested gives the same degree of security as custom sb keys on PC platforms. Btw you could also store the key on external media or do a secure erasure of the key material when changing the password
<marcan> "secure erasure" isn't a thing on SSDs
<marcan> "secure erasure" isn't a thing on SSDs
<DmitrySharshakov[m]> Well yes. But the risk is still low enough for casual users and attacker will have to desolder NAND to take a look at lost fragments of a broken cryptocontainer (which first has to have a compromised password or cryptography)
<DmitrySharshakov[m]> And for high-value cases a config option can be set to store the key on external media which can be wiped better
I propose a best-effort secure boot policy (embed a key in m1n1 stage 1, pass it via an encrypted file in the ESP, sign bundles of (m1n1 stage 2 + u-boot + kernel + initramfs) with it from Linux (decrypting the key with user's password).
However, this has weak points when the password being used is compromised and data can be retrieved even after deletion. But I think for now we can try implementing a simple secure boot with this flaw. In case this has to be extra reliable user can save the key on an external medium for it to be better removable. Of course, when SEP drivers are ready, those can be used for proper security (wrapping the key).
from m1n1.
Related Issues (20)
- No display over HDMI-out on M2 Mac Mini (j473ap) HOT 9
- llvm is already installed but getting error in make on M1 mac HOT 1
- How is with gpu support for M2 Pro? HOT 1
- broken m1n1 on j473 HOT 3
- How to resize partition size back? HOT 5
- Bluetooth audio started breaking up after last upgrade. HOT 1
- Is there a way to pass Linux cmdline from m1n1? HOT 2
- [Bug] Wrong size of window content
- KDE Power Managment Issue HOT 1
- sleep mode battery improvement HOT 2
- macOS on M1 is available on GitHub Actions, so can CI builds happen there? HOT 1
- Freezing and crashing after plugging in a Nvme ssd
- (m2 mini) display fails to initialize on 3440x1440 monitor
- Allowed SSH server and mDNS by default
- Uboot env variable usb_ignorelist=0x1050:*, HOT 1
- Asahi linux cannot install
- m1n1 make: src/utils_asm.S:115:5: error: instruction requires: fp-armv8
- Error after installation
- Is it possible to set Macintosh as the primary startup option when booting? HOT 2
- How to make modified Linux distribution installation files compatible with Asahi Linux (Apple Silicon)? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from m1n1.