Let’s say I’m downloading the Qubes ISO from a potentially compromised network, and therefore the computer that’s on this network could also be compromised.
What would be the best practice to assure that the machine isn’t faking the verification of the ISO?
You can verify the signing key
Right, but it also says: Installation security | Qubes OS
“You should verify the PGP signature on your Qubes ISO before you install from it. However, if the machine on which you attempt the verification process is already compromised, it could falsely claim that a malicious ISO has a good signature. Therefore, in order to be certain that your Qubes ISO is trustworthy, you require a trustworthy machine. But how can you be certain that machine is trustworthy? Only by using another trusted machine, and so forth.”
Now, personally if I don’t know if my machine isn’t secure, how can I trust someone else, or any manufacture? Am I to just accept that my ISO which is verifying as legit, is safe?
I guess my other question would be, for an attacker to falsify a signature, wouldn’t that be a rather sophisticated attack? Especially, since they would’ve need to accommodate that the user would install Qubes.
You have to take a leap of faith and start the chain of trust at some point.
I would consider it a sophisticated attack.
Thanks for entertaining my questions by the way.
Seems like the only way to start the chain of trust all over again would be:
The only issue with that is finding a manufacturer that you trust. Potentially thinkpads with Qubes already preinstalled maybe.
Yet, you (nor anyone else, obviously) didn’t ask how can you trust to burn that ISO to an USB stick, to install Qubes from that very stick, only to create sys-usb (during install, or later manually) because you don’t trust any USB, including that very stick…
There are several different steps, all of which are covered in the docs. In broad strokes, one step is to make sure you have the genuine QMSK (which in turn allows you to ensure you have a genuine RSK and a genuine ISO hash), while the other is to make sure that the installation medium you use has a genuine Qubes ISO (which you accomplish using the aforementioned RSK and hash).
Both can be handled in similar ways. You can download the QMSK or its fingerprint from many different computers (e.g., friend’s, library’s, work’s, internet cafe’s) over many different internet connections (e.g., Tor, VPN, public Wi-Fi, friend’s place, work). If you get the same QMSK/fingerprint everywhere, then your adversary would’ve had to somehow compromise all of those different computers and/or networks in order to feed you the same forged key/fingerprint everywhere. The more different channels, the less likely that this is what happened, and the costlier such an attack would be.
As for the installation medium, you can copy the authenticated ISO onto a physically write-protected USB drive with signed and/or non-reflashable firmware, flip the write-protect switch, then re-verify the hash or PGP signature of that ISO on the drive on many different computers (e.g., friend’s, library’s, work’s, internet cafe’s). Again, the idea is that your adversary would have to compromise all those other devices in order to make it appear that his forged ISO was successfully re-verified on every device.
For example, when you hash your USB drive’s data on a computer at the library, it will output some hash value. You can then compare that hash value to the one you know is genuine, which you wrote down earlier. If your ISO were compromised, then your adversary would have to make that computer show you a different hash than the actual hash of the data on your USB drive. But in order to do that, he would have to compromise that computer. If you check on every computer at the library, then your adversary has to compromise every computer at the library, or else you will eventually get a different result. Likewise if you repeat the process at work, at your friend’s house, at a random internet cafe, and so on. The cost for your adversary goes up the more you do this. At some point (probably much earlier than described here), it becomes sufficiently far-fetched that any adversary could’ve compromised all these different computers and networks that you accept that the ISO on your USB drive is likely enough to be genuine for you to feel comfortable proceeding.