leomeinel/cryptboot
cryptboot

Encrypted boot partition manager with UEFI Secure Boot support

Description

With an encrypted boot partition, nobody can read or modify your kernel image or initramfs. systemd-boot supports booting from an encrypted boot partition, but you would still be vulnerable to Evil Maid attacks, because the boot loader itself still sits unencrypted on the EFI System Partition, where anyone with physical access can replace it.

One possible solution is to use UEFI Secure Boot: get rid of the preloaded Secure Boot keys (you really don't want to trust Microsoft and the OEM), enroll your own Secure Boot keys and sign the boot loader with them. An evil maid would then be unable to boot a modified boot loader (one not signed by your keys), and the whole attack is prevented.

cryptboot simply makes this easy and manageable.

Requirements

There might be other packages that are needed for scripts and configs to function.

Arch repo

Installation

  1. Before you enroll your own keys, you can back up the ones that are currently deployed:

    # Execute as root
    efi-readvar -v PK -o old_PK.esl
    efi-readvar -v KEK -o old_KEK.esl
    efi-readvar -v db -o old_db.esl
    efi-readvar -v dbx -o old_dbx.esl
  2. Install your favorite Linux distribution according to its documentation.

  3. Boot into UEFI firmware setup utility (frequently but incorrectly referred to as "BIOS"), enable Secure Boot and clear all preloaded Secure Boot keys (Microsoft and OEM). By clearing all Secure Boot keys, you will enter into Setup Mode (so you can enroll your own Secure Boot keys later).

    You must also set your UEFI firmware supervisor password, so nobody can simply boot into UEFI setup utility and turn off Secure Boot.

  4. Generate your new UEFI Secure Boot keys:

    # Execute as root
    cryptboot-efikeys create
  5. Enroll your newly generated UEFI Secure Boot keys into UEFI firmware:

    # Execute as root
    cryptboot-efikeys enroll [PK.key] [KEK.key]
  6. Sign boot loader with your new UEFI Secure Boot keys:

    # Execute as root
    cryptboot systemd-boot-sign
  7. Reboot your system. From now on you should be protected against evil maid attacks, within the limitations listed below.

Help

cryptboot

Usage: cryptboot {systemd-boot-sign}

Manage UEFI Secure Boot keys

Commands:
    systemd-boot-sign  Sign kernel with UEFI secure boot keys

cryptboot-efikeys

Usage: cryptboot-efikeys {create,list,status}
       cryptboot-efikeys {enroll} [PK.key] [KEK.key]
       cryptboot-efikeys {sign,verify} [file]

Manage UEFI Secure Boot keys

Commands:
    create  Generate new UEFI Secure Boot keys
    enroll  Enroll new UEFI Secure Boot keys to your UEFI firmware
            (you have to clear old keys in your UEFI firmware setup utility first)
    sign    Sign EFI boot image file with your UEFI Secure Boot keys
    verify  Verify signature of EFI boot image file with your UEFI Secure Boot keys
    list    List all UEFI Secure Boot keys enrolled in your UEFI firmware
    status  Check if UEFI Secure Boot is active or inactive

Default configuration (/etc/cryptboot.conf)

# EFI System partition mount point (has to be specified in /etc/fstab)
EFI_DIR=/efi

# List of paths with images to sign
TO_SIGN=(
    EFI/BOOT
    EFI/Linux
    EFI/systemd
)

# UEFI Secure Boot keys directory
EFI_KEYS_DIR=/etc/secureboot

# Option ROM
## See: https://github.com/Foxboron/sbctl/wiki/FAQ#option-rom
##      Setting ENABLE_OPROM="false" might soft brick your device. Make sure that your hardware doesn't need oproms
## If you plan on changing this setting after enrolling, you will have to issue the following commands again:
##     cryptboot-efikeys create
##     cryptboot-efikeys enroll [PK.key] [KEK.key]
##     cryptboot systemd-boot-sign
ENABLE_OPROM="true"
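As a pre-reboot check that complements step 7 of the installation above and the TO_SIGN list in this configuration, here is an added POSIX shell example that is not part of cryptboot: it reads the SecureBoot and SetupMode variables straight from efivarfs (assuming the kernel's layout of four attribute bytes followed by the value byte) and lists every .efi image under the configured directories that `cryptboot systemd-boot-sign` should have signed. The CRYPTBOOT_CHECK_RUN variable and the default paths passed at the bottom are assumptions for stand-alone use.

```shell
#!/bin/sh
# Added example, not part of cryptboot. Assumes efivarfs files are
# 4 attribute bytes followed by the variable data.
set -eu

EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# efivar_bool FILE: print the first data byte of a boolean UEFI variable,
# or 0 when the variable does not exist (e.g. a legacy BIOS boot).
efivar_bool() {
    if [ -r "$1" ]; then
        od -An -tu1 -j4 -N1 "$1" | tr -d ' '
    else
        echo 0
    fi
}

# secureboot_state [EFIVARS_DIR]: "setup-mode" (keys cleared, nothing is
# enforced yet), "enabled" (keys enrolled, enforcing) or "disabled".
secureboot_state() {
    dir=${1:-/sys/firmware/efi/efivars}
    sb=$(efivar_bool "$dir/SecureBoot-$EFI_GLOBAL_GUID")
    sm=$(efivar_bool "$dir/SetupMode-$EFI_GLOBAL_GUID")
    if [ "$sm" = 1 ]; then
        echo setup-mode
    elif [ "$sb" = 1 ]; then
        echo enabled
    else
        echo disabled
    fi
}

# images_to_sign EFI_DIR SUBDIR...: print every .efi image below the
# TO_SIGN directories, relative to EFI_DIR, one per line, sorted.
images_to_sign() {
    base=$1; shift
    for sub in "$@"; do
        [ -d "$base/$sub" ] || continue
        find "$base/$sub" -type f \( -name '*.efi' -o -name '*.EFI' \)
    done | sed "s|^$base/||" | LC_ALL=C sort
}

# Stand-alone use (assumed env var): check the live system with the
# default cryptboot configuration values.
if [ "${CRYPTBOOT_CHECK_RUN:-0}" = 1 ]; then
    echo "Secure Boot: $(secureboot_state)"
    images_to_sign /efi EFI/BOOT EFI/Linux EFI/systemd
fi
```

Run it as root with `CRYPTBOOT_CHECK_RUN=1` after step 6; every listed image is one that `cryptboot-efikeys verify` should accept before you reboot.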

Limitations

  • If there is a backdoor in your UEFI firmware, you are out of luck. It is GAME OVER.

    Old laptops unfortunately had backdoors in their BIOS on a regular basis:

    BIOS Password Backdoors in Laptops

    New laptops (as of 2016) should hopefully be more secure, but I am only sure about Lenovo ThinkPads (there are no known backdoor passwords, and Lenovo reportedly replaces the whole system board if a user forgets their supervisor password).

  • You should never use the same UEFI firmware supervisor password as your encryption password, because on some old laptops the supervisor password could be recovered as plaintext from the EEPROM chip.

    New Lenovo ThinkPads (T440, T450, T540, X1 Carbon gen2/3, X240, X250, W540, W541, W550 and newer models) should be safe, see e.g. this presentation:

    ThinkPad BIOS Password Design for UEFI

  • An attacker can also directly reflash your UEFI firmware with their own modified evil firmware, but this can be prevented by physical means (e.g. epoxy resin ;-)).

    There are also procedures to reset the supervisor password even on modern ThinkPads with an SPI serial flash programmer. Again, you can use physical means for prevention.

  • If you have an encrypted boot partition, you can't easily use another TPM-based trusted / verified boot solution like tpmtotp or anti-evil-maid.

    This is because these solutions rely on running code from the initramfs before you enter the decryption password. But with an encrypted boot partition, you have to enter the decryption password before the initramfs is loaded, so it would already be too late for these solutions to have any effect (an evil firmware / boot loader will already have your password at that point).

    This could be fixed by implementing TPM support and tpmtotp or anti-evil-maid like functionality directly in the boot loader.

    The question is whether this is really needed. If you don't trust the UEFI firmware, why should you trust the TPM? Nevertheless, it would be nice to have a double-check against evil maids.
