[personal profile] mjg59
In measured boot, each component of the boot process is "measured" (ie, hashed and that hash recorded) in a register in the Trusted Platform Module (TPM) build into the system. The TPM has several different registers (Platform Configuration Registers, or PCRs) which are typically used for different purposes - for instance, PCR0 contains measurements of various system firmware components, PCR2 contains any option ROMs, PCR4 contains information about the partition table and the bootloader. The allocation of these is defined by the PC Client working group of the Trusted Computing Group. However, once the boot loader takes over, we're outside the spec[1].

One important thing to note here is that the TPM doesn't actually have any ability to directly interfere with the boot process. If you try to boot modified code on a system, the TPM will contain different measurements but boot will still succeed. What the TPM can do is refuse to hand over secrets unless the measurements are correct. This allows for configurations where your disk encryption key can be stored in the TPM and then handed over automatically if the measurements are unaltered. If anybody interferes with your boot process then the measurements will be different, the TPM will refuse to hand over the key, your disk will remain encrypted and whoever's trying to compromise your machine will be sad.

The problem here is that a lot of things can affect the measurements. Upgrading your bootloader or kernel will do so. At that point if you reboot your disk fails to unlock and you become unhappy. To get around this your update system needs to notice that a new component is about to be installed, generate the new expected hashes and re-seal the secret to the TPM using the new hashes. If there are several different points in the update where this can happen, this can quite easily go wrong. And if it goes wrong, you're back to being unhappy.

Is there a way to improve this? Surprisingly, the answer is "yes" and the people to thank are Microsoft. Appendix A of a basically entirely unrelated spec defines a mechanism for storing the UEFI Secure Boot policy and used keys in PCR 7 of the TPM. The idea here is that you trust your OS vendor (since otherwise they could just backdoor your system anyway), so anything signed by your OS vendor is acceptable. If someone tries to boot something signed by a different vendor then PCR 7 will be different. If someone disables secure boot, PCR 7 will be different. If you upgrade your bootloader or kernel, PCR 7 will be the same. This simplifies things significantly.

I've put together a (not well-tested) patchset for Shim that adds support for including Shim's measurements in PCR 7. In conjunction with appropriate firmware, it should then be straightforward to seal secrets to PCR 7 and not worry about things breaking over system updates. This makes tying things like disk encryption keys to the TPM much more reasonable.

However, there's still one pretty major problem, which is that the initramfs (ie, the component responsible for setting up the disk encryption in the first place) isn't signed and isn't included in PCR 7[2]. An attacker can simply modify it to stash any TPM-backed secrets or mount the encrypted filesystem and then drop to a root prompt. This, uh, reduces the utility of the entire exercise.

The simplest solution to this that I've come up with depends on how Linux implements initramfs files. In its simplest form, an initramfs is just a cpio archive. In its slightly more complicated form, it's a compressed cpio archive. And in its peak form of evolution, it's a series of compressed cpio archives concatenated together. As the kernel reads each one in turn, it extracts it over the previous ones. That means that any files in the final archive will overwrite files of the same name in previous archives.

My proposal is to generate a small initramfs whose sole job is to get secrets from the TPM and stash them in the kernel keyring, and then measure an additional value into PCR 7 in order to ensure that the secrets can't be obtained again. Later disk encryption setup will then be able to set up dm-crypt using the secret already stored within the kernel. This small initramfs will be built into the signed kernel image, and the bootloader will be responsible for appending it to the end of any user-provided initramfs. This means that the TPM will only grant access to the secrets while trustworthy code is running - once the secret is in the kernel it will only be available for in-kernel use, and once PCR 7 has been modified the TPM won't give it to anyone else. A similar approach for some kernel command-line arguments (the kernel, module-init-tools and systemd all interpret the kernel command line left-to-right, with later arguments overriding earlier ones) would make it possible to ensure that certain kernel configuration options (such as the iommu) weren't overridable by an attacker.

There's obviously a few things that have to be done here (standardise how to embed such an initramfs in the kernel image, ensure that luks knows how to use the kernel keyring, teach all relevant bootloaders how to handle these images), but overall this should make it practical to use PCR 7 as a mechanism for supporting TPM-backed disk encryption secrets on Linux without introducing a hug support burden in the process.

[1] The patchset I've posted to add measured boot support to Grub use PCRs 8 and 9 to measure various components during the boot process, but other bootloaders may have different policies.

[2] This is because most Linux systems generate the initramfs locally rather than shipping it pre-built. It may also get rebuilt on various userspace updates, even if the kernel hasn't changed. Including it in PCR 7 would entirely break the fragility guarantees and defeat the point of all of this.

Not of particular interest

Jul. 14th, 2017 09:49 am
vicarz: (Pikacutie!)
[personal profile] vicarz posting in [community profile] lifting_heavy_things
I forgot I joined this group. I used to (heart) gymrats in eljayland.

It's over a year since my unexplained nerve pinch injury, and I'm mostly back?

My weakest area remains my bench, but it's not far off. I used to hit 235 for 1-2, yesterday I hit 215 for a single. I'm trying to do more size (big but boring) work and put dips back in, trying to nail form rather than show off by tying on 70-90 lbs hanging from a belt.

My squat is mixed, but mostly up. I've pushed from my 315 plateau to singles and doubles at 345. I had some unexplained setbacks / fails at 345 and am unsure of whether to repeat or drop (probably repeat). I'm also doing more light rep work at some expense of lunges and front squats. I want to do them all but when my workouts hit 2 hours I am kinda done.

My DL is a mild disappointment, where I think I peaked at doubles at 445, now I've only hit - and failed - singles at 445 recently. I'm 100% doing a reset on DL. I also wonder if my recent form-cue changes have impacted this, but I'd rather fix my form than have another mystery nerve pinch.
* in my public gold's gym world, a 405 DL is often a wow-conversation starter

OP is about as weak as bench, where I had previously done 155 for doubles, now I'm 145 for a single. I'm 80% less likely to cheat though, fighting the urge to lean back and wiggle up my weights. There is no medal for back-bending inverted bench air press (give me some credit, at least I don't push press and deny it).

I thnk the big-but-boring 5x10 50/60% reps are helping with my lack of formal conditioning, but I'm also trying to do just a little, some 3 minute jumprope sessions and the like. I may try to see if I can heavybag without my bad elbows creeping back up. Pokemon walking probably isn't conditioning, but it does make people look at me strangely. "Doesn't my grandson play that game?"

media

Jul. 13th, 2017 08:36 am
brainwane: My smiling face in front of a brick wall, May 2015. (Default)
[personal profile] brainwane
Experienced recently, keeping it short here more as a log than as reviews:

Reading:
Nicola Griffith's Slow River on an accurate recommendation from [personal profile] watersword. So good. Wow for the realistic abuse content, ggggnnnnnngggh for the competence in water treatment facility management scenes. I feel like people who liked China Mountain Zhang, for the personal journey stuff and the mundane futuristic scifi stuff and the emphasis on physical labor and managing complicated processes, might be likely to also like this.

(Reread) a few Tamora Pierce books from The Protector Of the Small quartet for comfort. Still comforting.

All the Birds in the Sky: finished, LOVED everything except the last 10 pages which were just okay.

Started Hild and am having a tough time getting the world into my head.

Am most of the way through Harry Potter and the Cursed Child which is fairly breezy.

A bunch of Jon Bois stuff which is SO GREAT.

Visual:

In Transit, documentary, loving and unexpected. Way more about people and way less about the train itself than I thought we'd see. I had a lot of nostalgia for my times on the Empire Builder.

Schindler's List -- saw this for the first time. Stunning, of course. I'm glad I saw it on the big screen. I am glad I saw it on a Friday night when I'd had a good day and I didn't have anything in particular to do the next couple days.

Jurassic Park -- awesome and fun, maybe my 3rd or 4th time seeing it. I could probably see this once every 12-18 months.

Steven Universe -- all caught up now, love the songs, love Lion, amazed and surprised every few episodes.

A Man For All Seasons -- saw this in high school I think? So many good burns in this movie, and a fascinating portrayal of an actual conservative.

Wonder Woman -- better as an Event than as a movie (in contrast some movies don't have to be Events, like, Ballistic: Ecks vs. Sever or whatever). The message the movie wants to speak is in direct opposition to the basic visual and structural form of a tentpole superhero blockbuster film. But there are fun bits.

Yuri!!! On Ice -- I'm glad I saw this and I respect it a lot but I don't love it. I think that it's the restaurant that doesn't punch you in the face for a bunch of the intended audience, and I'm not part of that audience.

Audio:

Leonard's podcasted conversations with our friend Lucian about 90s nostalgia -- I enjoyed Lucian's recurring "because Kurt Cobain" explanations of his teenage quirks.

Back at it

Jul. 11th, 2017 06:44 pm
romeoshaun: (Default)
[personal profile] romeoshaun posting in [community profile] lifting_heavy_things
Hey,

So, three months out and a lot of sporadic training over the years but finally I am back at it, feeling more optimistic than ever. When I first started out I ate a load of junk and trained hard, I got big, but not in a good way, I had t shirt muscles. I learnt the hard way, so, now I'm starting afresh, I have cut down and lost a lot of weight, goes to show how much bf I was carrying when I thought I was hench (big and muscley) I wasn't, I was a lump of, well, you get the picture. I'm feeling pretty awesome at the moment, doing it all properly now, clean diet, hard training and a whole new mindset. I have learnt so much in the 6 years I have been working out but feel now is where I truly begin my journey lifting heavy things. This is where it all begins. :)

Jon Bois

Jul. 9th, 2017 11:57 pm
brainwane: My smiling face in front of a brick wall, May 2015. (Default)
[personal profile] brainwane
I need to go to sleep, but:

There are some people making speculative fiction right now who don't get enough mainstream attention, in my opinion, or even enough attention from the circles of feminist scifi fans I generally hang out with. Like, some of you know about them, but others don't, and if you don't, I feel an urge to shake you by the lapels as I tell you about them, to ensure you are fully aware. Like, Alexandra Petri is consistently doing really interesting speculative work in her Washington Post column. Alexandra Erin's "Women Making Bees in Public" is an amazing piece about the necessity of being fierce and spycrafty in order to be a woman, about bees, about unexpected beauty, and about doing a chunk of work every day and witnessing what emerges.

And Jon Bois does some digital humanities writing and videos (often using the lens of sports history to dig up interesting stories and statistics), and writes fiction, again, often using the lens of sports to think about meaning, uncertainty, loss, and kindness. Jed's blog post about Bois's fiction pointed me to a few of his pieces and I'm just enthralled -- The Tim Tebow CFL Chronicles is 40,000+ words and is complete, and 17776 is in serialization right now (here is a MetaFilter thread where I'm discussing the chapters as they go up).

His work is so loving and he's so consistent about making connections, stories, ideas that feel immediately real and of-course-it-would-be-like-that, finding the alien in the familiar and the familiar in the alien. The humaneness, that is what I am trying to get at. I need to sleep -- I hope you give him a try.
Page generated Jul. 21st, 2017 08:35 pm
Powered by Dreamwidth Studios