gnuboot-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNU Boot patches: update to GRUB 2.12 with various fixes

From: Leah Rowe
Subject: Re: GNU Boot patches: update to GRUB 2.12 with various fixes
Date: Sun, 14 Jan 2024 19:55:33 +0000 
Hi Denis,

Thank you for review. I'd like to address some of your points:

> As for the out of tree GRUB patches, we want to avoid as much as
> possible having to use out of tree patches in general (unless the
> patches are backports of things that are already upstream).
> 
> So we're more interested in contributions that reduce the number of
> out of tree patches we depend on rather than increasing them:

I agree with this mentality, but the patches that I've added to GRUB
are all very much required, or otherwise beneficial to users,
especially the keyboard fixes and the argon2 patches.

> - For the patches to support Argon 2, having Argon2 is very important
> as it fixes a very serious security issue[1], but fixing it only in
>   distributions like GNU Boot, Libreboot, etc doesn't really make
> sense.

Why would it not make sense? GRUB already has the ability to use LUKS1,
this just makes LUKS2 possible. Having an encrypted /boot/ is the
use-case here, to prevent someone from tampering with it on the user's
system (attacker with physical access). 

>   For instance there are also people using GRUB with
>   'GRUB_ENABLE_CRYPTODISK=y' in various ways (with free or nonfree
> BIOS or UEFI) so that also leaves these people vulnerable.

I don't understand. Why would it leave them vulnerable? That
functionality would just do the same thing that ours already dose,
except in our case we're already opening those partitions to load Linux
from.

The distro's GRUB isn't executed, when a GRUB payload is used in
coreboot, so I don't fully understand your reasoning. Can you explain?

>   And if we apply the Argon2 patches in GNU Boot, we still have an
>   issue as it doesn't fix the problem for people that use
>   GRUB_ENABLE_CRYPTODISK=y with SeaBIOS.
> 
>   So the way forward here is to upstream that patch in GRUB. There is
>   also already a bug report about that upstream[2] in case that helps.

I did contact grub-devel, and Daniel Kiper told me that this would
likely be available by the timeof the GRUB 2.14 release. The 2.12
release only just came out, and GRUB usually only does a release every
few years, so you will be waiting years before that is possible. It's
already been years since those argon patches were made for GRUB, and
they haven'tbeen merged yet.

I've noticed a general tendency for GRUB to not merge patches. It
literally takes years, under the project's current leadership
(understaandable given the scope of the project and the limited
manpower relative to it).

>   In addition if the Argon 2 patch is upstreamed, it will be reviewed
> so there would be less probability to have memory safety issues in it
>   (like buffer overflow etc). Since the GRUB crypto subsystem was
>   reworked when merging support for detached keys, nowadays it should
> be faster to have patches reviewed and merged.

Those patches have been in use on GRUB 2.06 for years, distributed on
the archlinux user repository. The code in question is the reference
implementation by PHC (password hash competetion), which is likely safe.

> - As for the other GRUB patches (for keyboard related issues) it would
>   also be a good idea to upstream them in GRUB for instance for people
>   building GRUB outside of GNU Boot, Libreboot, etc. For the
>   patch that supports half-broken keyboards, if it somehow enables not
>   to trash laptops, upstreaming it would be very beneficial as many
>   more laptops could continue to work and not just laptops using GNU
>   Boot, Libreboot, etc.

I already did send my keyboard fixes to GRUB, and they haven't been
merged yet. To my knowledge, they haven't even been reviewed yet.

Not having argon2 support in GRUB is a bad idea. The alternative is for
the user to have an unencrypted /boot, or downgrade to older KDF like
PBKDF2 (and thus be vulnerable to GPU attacks), which is not ideal.

> References:
> -----------
> [1]Some states are able to decrypt LUKS volumes with passphrases of
> 20+ characters (that probably have low entropy) and Argon2 protects
>    way better against theses type of attacks when users use low
>    quality passphrases. So nowadays it's advised to use Argon2 or
>    Argon2i and 7 random words for the passphrase.
> [2]https://savannah.gnu.org/bugs/?55093
> 
> Denis.

The page you quote is no longer relevant, in my view. We have a working
implementation available for GRUB.

In fact, I did send to grub-devel asking about those PHC patches. I'm
told that they are strongly considering it. There was interest for
implementating argon2 again, but these patches just use the reference
implementation from phc.

The phc implementation is also used as a library on various operating
systems. It's pretty well-audited, and I've looked at that code myself,
it seems pretty solid. But it's up to you whether you merge it.

-- 
Leah Rowe,
Company Director,
Minifree Ltd

Registered in England, registration No. 9361826
VAT Registration No. GB202190462
Minifree Ltd, 19 Hilton Road, Canvey Island
Essex SS8 9QA, United Kingdom
United Kingdom

Attachment: pgpJZ_oGmBln8.pgp
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]