Hacker News new | past | comments | ask | show | jobs | submit login
Bypass kernel lockdown/UEFI secure boot on Ubuntu 18.04 with ACPI SSDT injection (zx2c4.com)
137 points by zx2c4 28 days ago | hide | past | favorite | 30 comments

The author has published a new lockdown bypass that affects the mainline kernel as well: https://www.openwall.com/lists/oss-security/2020/06/15/3

Requires the ability to edit information in /boot and to reboot, so effectively root access but it does circumvent secure boot.

The idea of secure boot is to have a security level above root. So that even if you gain root level access, you can't put an APT onto the box or similar.

Agreed, so it's definitely a bug. But it does require disabling kernel address translation and two reboots.

Secure boot doesn't disable installing APTs, it disables installing kernel modules.

If you want to disable apts etc, you need SELinux or AppArmor or equivalent.

You may want to think that statement through a bit more.

Secure boot, as the name suggests, secures initial loading of the most central/core parts of an operating system: (indeed) the kernel and kernel modules.

While APTs can be installed on different levels, anywhere from kernel up to user space, a good (hard to detect) place for those is inside the kernel itself or in a kernel module.

Secure boot is definitely intended to prevent APTs, even if its only a part of the the full equation. You still need additional tools on top of a kernel, e.g. SELinux or AppArmor, that monitor, audit and (hopefully) prevent the introduction of APTs. However, without a trusted kernel (and kernel modules), all of those tools can be compromised/circumvented, making it ultimately an impossible task to secure the system as a whole.

The person you are replying to is confused about what an APT is. Looks like they think it is a package installed with `apt get`.

After reading it again, you may indeed be right. I didn't see it the first time around. My bad.

Still, "installing APTs" as a synonym for installing packages with apt? I guess I would have noticed it, if it had been "installing DEBs".

Also, using SELinux or AppArmor to disable the ability to install packages with apt is a new thing to me. But I have to admit that I'm not an expert at either.

FYI: APT = Advanced Persistent Threat

Maybe you don't need physical access, but through some RCE and then inject the module.

I said root access, not physical :) so I agree, you don't need physical access.

What is SSDT? What's exactly going on in this exploit?

Refer to https://uefi.org/specifications

> ACPI defines many tables that provide the interface between an ACPI-compliant operating system, and system firmware. This includes Differentiated System Description Table (DSDT), Secondary System Description Table (SSDT), and Static Resource Affinity Table (SRAT), for example.


As far as table contents, it's essentially an auxiliary DSDT (ACPI table defining variables, functions, interrupts, ...). An ACPI system has one DSDT and zero or more SSDTs.

So building a signed kernel that doesn’t support the nokalsr would be sufficient to stop this attack.

Never heard of iasl, but it is automatically installed and looks cool.

Does this affect Debian, or Ubuntu only?

No, and APTs refer to Advanced Persistent Threat (can be an organization, a malware, but with non-friendly or unintended intent).

And nothing to do with Debian package management that had the command and file type of “apt”.

Thanks. I'm aware it's not related to the package manager, just wanted to check.

Very cool. A very clever exploit.

In every UEFI thread there’s a bunch of critics saying, “See! It doesn’t work! UEFI secure boot is pointless!”

I say that it takes this much effort to bypass it shows the opposite: that it does work, it does increase security.

Because without it, you’d be compromised already at step zero.

But like every security measure so far, it’s seemingly not perfect. Nobody is honestly surprised by that, are they?

People cheer UEFI failures because Microsoft's actions with Secure Boot and such could align with an effort to eventually completely lock out the ability to install other operating systems on bare metal on hardware you own and don't rent from Microsoft. Microsoft isn't making OEMs only install their own platform keys now, but there's nothing guaranteeing the future will be the same, especially since they can claim to support Linux on Windows through WSL.

Also the whole scheme is not better than making boot configuration read only with a hardware switch, or storing your bootloader and /boot on a read-only medium, assuming you are using full-disk encryption.

Workable read-only mediums are darn hard to come by these days :-(

If by "compromised already at step zero" you mean "just the way computers worked for decades prior to secure boot", then yeah, I suppose.

The issue that I have heard people bring up is that it could potentially make it harder to install free and open source operating systems and thus turn consumer-grade and relatively cheap computers into less of a tool that you can use the way you want and more into an appliance.

For all the panic that ensued when stuff like secure boot and similar were first announced, and the fact that I still seem able to install my Linux distro of choice, I as somebody who has not gotten personally invested in this am not in a position to know how real such an issue is.

But I would like to know what proponents of secure boot think the technology solves and why what we had before inadequately addressed security needs. Because it seems to me that e.g. Windows will still happily get infected with viruses such that whether the boot process itself has been compromised, or just what comes immediately thereafter, does not matter too much. Or does it?

Secure boot, when working correctly, prevents the survival of rootkits. This alone is not sufficient, but it is necessary in order to allow a user of a system where a rootkit was installed to know this. Without secure boot, it is basically impossible to detect the existence of a well written rootkit, since it can control the OS tmand hide itself from any OS API, whether internal or external.

> Without secure boot, it is basically impossible to detect the existence of a well written rootkit, since it can control the OS tmand hide itself from any OS API, whether internal or external.

You can detect the existence of a rootkit by booting from known-clean read-only media and then scanning for it. It's even possible to implement "secure boot" this way without any hardware support -- have known-clean read-only boot media that contains your signing keys and then verifies and boots the operating system of your choice.

Implementing this in rushed closed-source system firmware is then purely a misfeature, along with the legitimate concern that it could lead to systems where the device owner can't install their own signing keys. Give people a USB stick with a hardware write protect switch, not signing keys hard-coded in firmware.

That does not solve the issue of a corrupted BIOS/UEFI, right? I assume at least that UEFI Secure Boot also protects itself from any attempt to be replaced without proper signed keys. Without this kind of protection, you either have to have a readonly BIOS/UEFI (so no possibility to issue updates), or you have a root-writeable, and so root-kit-able BIOS/UEFI.

You don't need all the firmware to be read-only, only the firmware update code, which can then require a hardware jumper to be set in order to update the firmware. Then the firmware can't be corrupted without physical access to set the jumper, and even if it is, the owner can still re-flash clean firmware because the update code is strictly read-only and therefore still clean.

And you already need to be able to at least detect that someone has had physical access, otherwise you can't even be sure that the device hasn't been replaced with a compromised one that forwards your credentials to the attacker.

This "security" protects the kernel and the boot chain, not any user data. You will find people care very little about the security of their didn't-even-know-it-existed-kernel when it protects purely against a scenario in which all their fricking data is already considered compromised.

It's an interesting point, but surely it is useful to know when you have been compromised (e.g. to change passwords)?What about post-infection where you want to e.g. clean up the machine without reinstalling the OS unnecessarily? Or in general preventing rootkits from persisting across reboots will at least help to prevent new data being exposed?

The only way to actually protect user data is to chain trust off the protected bootloader and kernel. Secureboot is necessary, but not sufficient.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact