On 29/03/17 07:04 AM, Malte Gell wrote:
[...]
But, I am a bit confused, this guides signs vmlinuz, but not a single module!? Don´t the kernel modules need to be signed as well? Or is there some magic that applies the vmlinuz signature automatically to all modules?!
Personally I think that an signed boot is meaningless, Without, that is, an encrypted root, swap, home and all other data. Encrypt your drive and be done with it. Why do I think that a signed boot is meaningless? Well if I have access to your machine for more than a trivial amount to time I can be off with it or off with its hard drive or an image of the drive. I don't have to be an uber-hacker to do any of that. Once I have your drive I can mount it on another machine, and at that point I'm not going to be after your kernel or modules when I can get at your data. If its a laptop, well, there are uncounted stories of laptops being stolen. And the moment you get off a plane a ship or in many cases cross a jurisdictional boundary your laptop may be subject to inspection and perhaps imaging. That's not a situation which is getting any easier for travellers. I've been fortunate in that no place I've worked has had a break-in where the thief simply took the desktops or the drives from the desktop, but I've read of that happening. However one of my clients had a contractor that did not adequately sanitize the drives of EOL desktops that were being disposed of. This seems common; the discards that I find stacked in the Closet of Anxieties don't have wiped hard drives, but at least they haven't left the premises. I would strongly advocate encrypting the hard drive. Encrypted/protected boot or simply encrypted root is not adequate. Yes, its nice to protect the /etc/passwd with additional layers, but how meaningful is it? There are much more effective ways of getting passwords (or bypassing access controls) than attacking a Linux /etc/passwd file. What counts is DATA. Protect your web site data, especially when the web site is active :-) Protect your user's data under /home. Protect your databases. Look, if you are really concerned you should have each user's $HOME in a separate container that is unlocked and mounted when and only when they are logged in by using an appropriate PAM module and their own cryptographic signature. Stop and think about it; do a proper risk analysis. Consider where your really valuable resources are. Consider your actual vulnerabilities and rate them. There's the old story about the drunk looking for his lost keys under the lap post because the light is better there, never mind that he lost his keys somewhere else. sadly, too much of 'protection' is like that. What actual protection does a 'secure boot' bring when compared to, say, an encrypted drive, and how complex are each to implement? -- The first method for estimating the intelligence of a ruler is to look at the men he has around him. -- Machiavelli -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org