No Secure Boot / AEM

wvrbocv · October 11, 2023, 10:49pm

I wanted to switch to Qubes for the security by isolation, but one of the things that struck me was that there is no support for any form of secure boot. Sure, there is AEM but that is only available for devices with IME enabled, which mine (using dasharo UEFI) does not have. Considering it’s a desktop, if I was to go full paranoia I would like to know for sure that my hardware has not been altered with while I was away, and without this feature the whole security promise falls apart for me. Am I the only one that feels this way?

fsflover · October 12, 2023, 1:11pm

Hi @wvrbocv, welcome to the Community. Apart from AEM, one can also use Heads with Qubes. (You would need to have TPM in your hardware to use both, Intel ME is AFAIK not necessary.)

Secure boot support

opened 12:57PM - 04 Oct 18 UTC

jasperweiss

T: enhancement help wanted C: other security P: default

According the secure boot specification, users can enroll their own keys for sec…ure boot. If the QOS bootloader were signed, users could manually enroll the signing key within the UEFI. That would be a better anti evil maid system since it doesn't require the use of potentially untrusted USB keys. Since dom0 doesn't contain any 3rd party applications, we can enforce code signing on anything that runs within it. [This](https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html) blog post mentions secure boot being problematic due to running CA's etc but providing the user with a public key they can enroll manually would be doable. Edit: I'm aware the developers are generally not very fond of secure boot. Could anyone explain why? Alternatively a TPM could be used to unseal the drive encryption key. > Pre-OS firmware components are hashed (measured) Measurements are initiated by startup firmware (Static CRTM) Measurements are stored in a secure location (TPM PCRs) Secrets (encryption keys) are encrypted by the TPM and bounded to PCR measurements (sealed) Can only be decrypted (unsealed) with same PCR measurements stored in the TPM This chain guarantees that firmware hasn’t been tampered with

I am successfully using TPM with Heads and Librem Key on my Librem 14 to make sure my BIOS is not tampered with.

deceiver · October 12, 2023, 8:46pm

I was to go full paranoia I would like to know for sure that my
hardware has not been altered with while I was away

Without a defined threat model, ‘full paranoia’ can mean anything, so it
means nothing.

and without this feature the whole security promise falls apart for
me.

What ‘promise’ are you pointing to?