Linux and Secure Boot certificate expiration

(lwn.net)

253 points pabs3 | 3 comments | 18 Jul 25 03:53 UTC | HN request time: 0s | source

Show context

RecycledEle ◴[19 Jul 25 13:30 UTC] No.44615326[source]▶

>>44601045 (OP) #

This is yet another why I do not encrypt.

replies(2): >>44615500 #>>44615502 #

craftkiller ◴[19 Jul 25 13:55 UTC] No.44615500[source]▶

>>44615326 #

Secure boot has nothing to do with encryption. It is verifying crytographic signatures. The bootloader is signed, not encrypted.

replies(1): >>44616142 #

vbezhenar ◴[19 Jul 25 15:10 UTC] No.44616142[source]▶

>>44615500 #

There's some link between secure boot and encryption.

If you don't do secure boot, you need to secure your boot chain in other ways, to prevent attacker from modifying your software to log entered passphrase.

Secure boot allows to build a verifiable chain of software (UEFI -> Bootloader -> Kernel -> Initrd) which will protect against any modification, so you can be sure that your key presses are not being logged by the malicious software. That said, commonly used Linux distros have some problems protecting initrd, but that's issue of those distros.

Another link is TPM. I set up my system in a way to keep encryption key in TPM and release it only when secure boot is enabled. This allows to decrypt root automatically, without entering passphrase and my configuration only allows to boot UKI kernel signed with my key. It trades security with convenience, of course (because now attacker, who stolen my computer, only has to break through gdm or perform other ways of attacks like extracting RAM sticks), but for me it's acceptable.

replies(3): >>44616306 #>>44616371 #>>44617443 #

1. craftkiller ◴[19 Jul 25 15:32 UTC] No.44616371[source]▶

>>44616142 #

That's like saying there is some link between putting locks on your doors and setting up booby traps because if you don't lock your doors then you need to set up booby traps to prevent a thief from stealing your stuff. They're both trying to mitigate the same threat, but there is no connection between the 40 pounds of explosives I have wired to my front door and an intricate metal cylinder that can only be manipulated by another piece of metal in a specific shape.

Personally, I do both secure boot and encryption.

replies(1): >>44616455 #

2. bri3d ◴[19 Jul 25 15:41 UTC] No.44616455[source]▶

>>44616371 (TP) #

No, it’s like saying there is a link between putting locks on your door and making sure the lock can’t be replaced with one that takes someone else’s key, or worse one that copies the key that’s put into it. The threat models directly overlap.

replies(1): >>44616654 #

3. craftkiller ◴[19 Jul 25 16:04 UTC] No.44616654[source]▶

>>44616455 #

That's a good analogy to point out the weakness behind relying on encryption without secure boot but without going into the mechanism behind "making sure the lock can’t be replaced" people might incorrectly think "they're both about setting up locks and therefore they are linked" whereas "making sure the lock can’t be replaced" involves securing the environment that the lock is placed in, like "Make sure your hinges are not exposed so the door cannot be taken off its hinges from the outside and replaced with a seemingly identical door."

↑