S4 sig-check-lpc-20130918
Signature verification of hibernate snapshot
September, 2013, LPC 2013, New Orleans
Joey Lee
Problem
On a multi-boot machine, an attacker can use any hole in another UEFI-trusted OS to modify the hibernate snapshot image in the swap partition.
Through uswsusp, userspace can take the snapshot of memory and modify it, upload it back to memory and then trigger the restore.
Idea
Jiri Kosina: let the EFI bootloader generate a key pair and pass it to the kernel for signing the hibernate image.
Fundamental point: trust that the boot-time variables are secure when UEFI Secure Boot is enabled.
Attempts to protect the integrity of the snapshot image.
Steps (when hibernate)
The shim bootloader generates a key pair and puts the keys into non-volatile boot-time variables.
The EFI stub kernel loads the private key before ExitBootServices().
The hibernate subsystem copies the private key to an empty page and keeps it there for signing the snapshot when hibernate is launched.
The kernel generates a signature of the snapshot image and puts the signature into the snapshot header. The currently reserved maximum size of the signature is 512 bytes.
Steps (when hibernate restore)
After hibernate has loaded the snapshot image from swap into a temporary memory space, the kernel uses the public key from the runtime volatile variable to verify the signature stored in the snapshot header.
Then, depending on sig_enforce:
OFF: taint the kernel and log a complaint when the signature check fails.
ON: fail the hibernate restore, then finish the normal boot process, when the signature check fails.
How to enable sig_enforce?
Use the snapshot_sig_enforce kernel parameter.
Set the kernel config option EFI_SECURE_BOOT_SNAPSHOT_SIG_ENFORCE, then enable UEFI Secure Boot.
EFI variable name and GUID
GUID: fe141863-c070-478e-b8a3-878a5dc9ef21
S4SignKey [BT][NV]: private key, PKCS#8 _uncompressed_ private key format
S4WakeKey [RT][V]: public key, X.509 format
When shim should generate keys?
When the system boots and shim does not find a key pair.
When shim finds the GenS4Key EFI variable written by the kernel: GenS4Key-fe141863-c070-478e-b8a3-878a5dc9ef21 [RT][NV]
The kernel or userspace writes the GenS4Key variable to '1' when hibernate is launched.
The kernel deletes GenS4Key at system boot.
Implementation Parts
Key-pair generator in shim. Author: Gary Lin
https://github.com/lcp/shim/tree/s4-key-upstream
Asymmetric keys in kernel: implemented a PKCS#8 and PKCS#1 RSA private key parser.
Added a signature generation API and implemented the signature generation logic of PKCS#1 (RFC 3447 sec 8.2.2).
Hibernate in kernel: CONFIG_SNAPSHOT_VERIFICATION=y
Maintain and forward the private key.
Avoid including the private key in the snapshot image.
Sign the snapshot image: generate the signature and put it into the snapshot header.
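The sign-at-hibernate and verify-at-restore flow from the steps above, as an added Go example that is not Joey Lee's, shim's or the kernel's own code. It stands in for the kernel's PKCS#8 parser and PKCS#1 signing with Go's standard crypto/rsa and crypto/x509, models the two EFI variables as plain byte slices, and assumes SHA-256 as the digest and SubjectPublicKeyInfo DER as the encoding of the "X.509 format" public key (the slides do not fix either).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// SigSize is the space the snapshot header reserves for the signature (512 bytes on the slides).
const SigSize = 512

// ShimGenerateKeys plays shim's role: it returns what would be written to S4SignKey (PKCS#8 DER
// private key) and S4WakeKey (public key; SubjectPublicKeyInfo DER is assumed for "X.509 format").
func ShimGenerateKeys(bits int) (s4SignKey, s4WakeKey []byte, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil { return nil, nil, err }
	if s4SignKey, err = x509.MarshalPKCS8PrivateKey(priv); err != nil { return nil, nil, err }
	s4WakeKey, err = x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return s4SignKey, s4WakeKey, err
}

// SignSnapshot is the hibernate-side step: parse the PKCS#8 key the EFI stub carried over, hash the
// image, sign with RSASSA-PKCS1-v1_5 (RFC 3447 8.2.1) and store the signature in the header field.
func SignSnapshot(s4SignKey, image []byte) (hdr [SigSize]byte, err error) {
	key, err := x509.ParsePKCS8PrivateKey(s4SignKey)
	priv, ok := key.(*rsa.PrivateKey)
	if err != nil || !ok { return hdr, errors.New("S4SignKey is not a parseable PKCS#8 RSA key") }
	digest := sha256.Sum256(image)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil || len(sig) > SigSize { return hdr, errors.New("signature does not fit the header") }
	copy(hdr[:], sig) // a 4096-bit key fills the field exactly; smaller keys leave zero padding
	return hdr, nil
}

// VerifySnapshot is the restore-side step (RFC 3447 8.2.2) combined with the sig_enforce policy.
// The action is "restore" on success, otherwise "taint" (enforce off) or "abort" (enforce on).
func VerifySnapshot(s4WakeKey, image []byte, hdr [SigSize]byte, sigEnforce bool) (bool, string) {
	digest := sha256.Sum256(image)
	key, err := x509.ParsePKIXPublicKey(s4WakeKey)
	pub, isRSA := key.(*rsa.PublicKey)
	if err == nil && isRSA && pub.Size() <= SigSize &&
		rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], hdr[:pub.Size()]) == nil {
		return true, "restore"
	}
	if sigEnforce { return false, "abort" } // sig_enforce on: fail the restore, carry on with normal boot
	return false, "taint" // sig_enforce off: taint the kernel, log a complaint, restore anyway
}
```

Only the first pub.Size() bytes of the header field are the signature; the rest of the 512 bytes is padding, which is why the verifier slices the field by key size rather than checking all of it.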
Performance of hash (machine 1)
CPU: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
x86_64, ssse3
Normal:
SHA1: 150.80 MB/s
SHA256: 59.19 MB/s
SHA512: 78.44 MB/s
Built with ssse3 support (v3.10 and later):
SHA1: 195.60 MB/s
SHA256: 82.76 MB/s
SHA512: 120.60 MB/s
Performance of hash (machine 2)
CPU: Intel(R) CPU @ 2.60GHz
x86_64, ssse3, avx, avx2
Normal:
SHA1: 436.42 MB/s
SHA256: 163.23 MB/s
SHA512: 228.67 MB/s
Built with ssse3, avx, avx2 support (v3.10 and later):
SHA1: 609.66 MB/s