On 08/29/2017 04:01 PM, cooloutac wrote: > On Monday, August 28, 2017 at 6:36:08 PM UTC-4, Leo Gaspard wrote: >> Just encrypting /boot would bring little, as it would still be possible >> to modify the unencrypted part of GRUB (that decrypts /boot) to have it >> overwrite the /boot with malicious kernel images (or even to not use the >> ones provided). >> >> The options I know of are (from IMO strongest to weakest): >> * AEM, for knowing when someone tampered with /boot >> * SecureBoot, for restricting the allowed-to-boot images (I don't know >> about its ease of use with qubes, though) >> * locking your bootloader with a password and disallow external boot >> >> I'd think having all these protections at the same time would be best, >> using secureboot mostly to avoid having to ditch the laptop after AEM >> says it's no longer trustworthy (because it may stop the attacker before >> it can even make the laptop no longer trustworthy). > > secureboot can do more then restricting boot images, it can restrict > unsigned drivers too. Thats the part Joanna doesn't like because she does > not trust who will maintain the list of signed drivers. I say I'm already > putting just as much trust into alot of other things like my banks ssl cert > when connecting to my bank account. > > We are already trusting everything coming from upstream when we update...
Well it can, but the issue with secureboot I remember reading about in the AEM post [1] is that it assumes no security vulnerability in all the bootchain (which could be used to trick eg. grub to run another image than the one you expect it to), while AEM only assumes no security vulnerability in the TPM. That's why I was putting secureboot forward only as a limited way to prevent malicious modifications, in parallel with AEM, that would still be used as a more secure way of checking secureboot worked correctly. [1] https://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7f3bc3ea-d715-5630-bdd5-8eb1d1047086%40gaspard.io. For more options, visit https://groups.google.com/d/optout.
