Boot menu and grub.cfg parser #196

Closed
osresearch opened this issue Apr 23, 2017 · 1 comment
@osresearch
Collaborator

Right now the paths to the boot scripts are hard coded and very specialized to booting Qubes (as mentioned in #192). For non-Qubes users, for installing a new OS from a USB device or for situations when you want to boot something like Tails (cancelled pull request #191), it would be very useful to have a way to parse the existing /boot/grub/grub.cfg file to build a boot menu.

The syntax is very much like /bin/sh, so it might be possible to build enough scaffolding to just execute it. The PCRs would have already been extended, so an attacker who controlled the file would not be able to retrieve the disk encryption keys (and the system will very soon be executing code from that device anyway).

flammit added a commit to flammit/heads that referenced this issue Apr 29, 2017
Supports booting from USB media using either the root device or
a signed ISO as the boot device.  Boot options are parsed with
quick/dirty shell scripts to infer kexec params.

Closes linuxboot#195 and begins to address linuxboot#196
flammit added a commit to flammit/heads that referenced this issue Jul 3, 2017
Refactored boot parsing code and applied that in local-init to
scan /boot for grub options and allow the user to unsafely boot
anything.  This goes a long way to addressing linuxboot#196.

Optionally the user can customize those boot parameters or enforce
arbitrary hashes on the boot device by creating and signing config
files in /boot/ or /media/ or /media/kexec_iso/ISO_FILENAME/.
@flammit
Collaborator

flammit commented Jul 5, 2017

#200 seems to cover a lot of the functionality required for non-Qubes boot now. In fact, this works for Qubes boot as well, but you're required to enter the disk password on start.

FYI - to get to feature parity on the qubes-update/qubes-init scheme, the generic mechanism still needs the rollback protection (TPM counters are not used in hashes yet) and TPM secret key management.
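
The boot-menu idea from the opening comment, sketched as an added example (not part of this thread and not code from the Heads repository): a POSIX shell/awk function that reads `menuentry` blocks from a grub.cfg as plain data instead of executing the file. The names `parse_grub_cfg` and `sample_grub_cfg` and the sample config are constructed for illustration.

```shell
# Added example (not Heads code): read grub.cfg entries as data; nothing is
# evaluated. Output per menuentry, tab-separated: title, kernel, initrd, cmdline
parse_grub_cfg() {
    awk '
    function emit() {
        if (title != "" && kernel != "")
            printf "%s\t%s\t%s\t%s\n", title, kernel, initrd, args
        title = kernel = initrd = args = ""
    }
    /^[ \t]*menuentry[ \t]/ {
        emit(); line = $0
        sub(/^[ \t]*menuentry[ \t]+/, "", line)
        q = substr(line, 1, 1)
        if (q == "\"" || q == "\047") {   # quoted title; \047 is a single quote
            line = substr(line, 2); n = index(line, q)
            title = (n > 0) ? substr(line, 1, n - 1) : ""
        } else {                           # bare-word title
            split(line, w, /[ \t]+/); title = w[1]
        }
        gsub(/\t/, " ", title); next       # keep the output tab-delimited
    }
    title != "" && kernel == "" && $1 ~ /^linux(16|efi)?$/ {
        kernel = $2
        for (i = 3; i <= NF; i++) args = (i > 3 ? args " " : "") $i
        next
    }
    title != "" && initrd == "" && $1 ~ /^initrd(16|efi)?$/ { initrd = $2; next }
    $1 == "}" { emit() }                   # end of a menuentry (or submenu) block
    END { emit() }
    ' "$@"
}

sample_grub_cfg() {   # constructed sample input, not from a real system
    cat <<'EOF'
menuentry 'Debian GNU/Linux' --class debian {
    linux /vmlinuz-4.9.0-3-amd64 root=/dev/mapper/vg-root ro quiet
    initrd /initrd.img-4.9.0-3-amd64
}
submenu "Advanced options" {
    menuentry "Debian (recovery mode)" {
        linux /vmlinuz-4.9.0-3-amd64 root=/dev/mapper/vg-root ro single
    }
}
menuentry "Memory test" {
    linux16 /memtest86+.bin
}
EOF
}
sample_grub_cfg | parse_grub_cfg | awk -F '\t' '{ printf "%d) %s\n", NR, $1 }'
```

GRUB variables such as `${root}` are left unexpanded because the file is never interpreted; kernel and initrd paths come out exactly as written in the config.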
