Security: Difference between revisions

From coreboot
Jump to navigation Jump to search
Line 67: Line 67:
If we, for now, start by assuming that coreboot and what resides in the boot flash is trusted, we then might have untrusted chips in the same device:
If we, for now, start by assuming that coreboot and what resides in the boot flash is trusted, we then might have untrusted chips in the same device:
=== The [[Embedded controller]] ===
=== The [[Embedded controller]] ===
Some laptops, like the chromebooks, do have free software on the embedded controller. This is the way to go.
However some laptops don't.
This chip usually handles:
* The keyboard. This can be abused to do a keylogger.
* power switches to wifi/bluetooth/data-modem
* On some thinkpads it controls a LED to illuminate the keyboard. This results in having a long wire that goes from the EC to that light. This can be abused as an antenna.


=== The hard disk firmware ===
=== The hard disk firmware ===

Revision as of 01:41, 18 January 2016

This page explains how coreboot can help with various security aspects of your system, compared to closed-source, legacy BIOS/EFI/firmware implementations.

This page is work in progress!

Free software

Security fixes

Fixes can take months before being available on non-free firwmares, if you are lucky enough to have them. With free software boot fimrwares, security issues can be fixed, and in coreboot many are.

Examples:

Security fixes are usually mentioned in coreboot ChangeLog on the blog.

Coreboot

Note that while coreboot itself is free software, many boards still use blobs. Some however don't require any.

Auditable code

Because the boot firmware is the first code that executes on the main CPU, it's an interesting target for rootkits:

  • The code that runs first has to load what runs next, so it can patch it. That patch can then in turn patch what's next and so on.
  • The code that runs first can setup SMM on X86 or TrustZone on some ARM SOCs. SMM/Trustzone are more powerful than ring0. On x86 devices, non-free boot firmwares have a tendency to put a lot of code to run in SMM. In contrast coreboot keep it to a minimum.
  • Being stored in a flash chip, separately from the OS and its data, non-free boot firmware have a tendency not to be updated by the end user, nor reflashed externally. That permits a very high persistency.

Given the above, being able to know what your boot firmware does is very important.

Reproducible builds

Coreboot is working on reproducible builds. That will permit to verify that a given binary corresponds to a given source code.

However this isn't sufficient to verify that you are running the right binary:

Dumping the flash chip externally is strongly advised for that, since some chipsets makes it too easy for the SMM code to give back (to flashrom) another binary than the one in the flash chip.

Existing security features

Given that, with coreboot, the hardware initialization is separated from the boot logic, many security features are implemented by payloads. Nevertheless, coreboot implement some security features.

Coreboot GRUB SeaBIOS Depthcharge Tianocore
Password verification No Yes No ?
Signature verification Yes Yes No Yes
Can open encrypted partition No Yes No No

Trust mitigations

If we, for now, start by assuming that coreboot and what resides in the boot flash is trusted, we then might have untrusted chips in the same device:

The Embedded controller

Some laptops, like the chromebooks, do have free software on the embedded controller. This is the way to go. However some laptops don't.

This chip usually handles:

  • The keyboard. This can be abused to do a keylogger.
  • power switches to wifi/bluetooth/data-modem
  • On some thinkpads it controls a LED to illuminate the keyboard. This results in having a long wire that goes from the EC to that light. This can be abused as an antenna.

The hard disk firmware

The GPU

Intel GPU

ATI GPU

Nvidia GPU

References for the current BIOS issues

RAM wiping

SMI issues

ATA issues

Firewire issues

TPM issues

Ideas

RAM wiping after each boot

This is not very useful: The most interesting time would be right before power-off, which could be implemented in SMM. Unfortunately a cautious attacker just pulls the plug.


To prevent reading data after a reboot, a payload could be adapted to clean out memory. Using applications that manage sensible data sensibly (ie. wipe after use) is still a better solution.