Friday, August 14, 2009

fixing the problem with encrypted root boxes

before i blogged about my laptop with encrypted root drive and the possibility of someone installing a malicious program to collect login credentials when booting the system. this guide might provide me the solution to that problem:

i only skimmed it but basically it shows how combining a signing of applications with a special kernel module allows you to enforce execution of only properly-signed apps. tie that into your /boot and initrd and it may be much more difficult to exploit the unencrypted boot partition.

Saturday, August 1, 2009

how secure can you get?

The recent theft of my EeePC netbook has brought on the usual set of 20-20 hindsight for this scenario. I should have backed up my files. I kept being pessimistic about this due to the cost of doing it right compounded with the possible future need for more storage and thus more backup. I also should have had some backdoor secure application to run and report on the laptop's location when it booted up. But the files themselves are secure - the Linux OS's root drive and swap partition were both encrypted by default.

The backup and lojack applications are easy to accomplish. Burn or copy files every once in a while to some backup medium and put it in a safe or storage center. Write a script that gets my GeoIP information from one site and tweets it or uploads it to a pastebin. Even the encryption is easy to use - follow a simple guide provided by Slackware on their install CD and you can have a fully-functional encrypted root OS a few minutes after a full install. But what they don't discuss is the possibility of tampering with the system.

The whole thing works by allowing an unencrypted program in a boot partition to load up a kernel and some drivers and prompt me for a password. It doesn't take a computer forensics expert to figure out that such a program could be replaced with a trojan with keystroke-logging capabilities or even more complicated & nefarious tricks. If someone just has access to your machine for a few minutes - even when powered off - they can potentially infect your boot partition with a malicious application and the encryption password can be revealed.

So what's the safeguard? As far as I can tell there is little real assurance of trust. You could remove the boot partition and carry a thumb-drive with the bootloader, kernel and initrd. However, even this could be thwarted by BIOS or CMOS level malware that lies in wait. A BIOS password can provide some protection but even then I can imagine further attacks. An attacker could save the state of the CMOS, reset the battery, install their malware, then restore most of the CMOS along with the old password making it very difficult to tell if an attack took place.

In the end it's obvious you need multiple layers of security to even begin to really feel 'safe'. But realistically, the people who took my laptop will probably be thwarted by the Linux logo alone. Oh well; time to go buy some backup media...