-rw-r--r--  index.mdwn  124
1 file changed, 50 insertions, 74 deletions
@@ -1,24 +1,44 @@ [[!meta title="Bootless: evil-maid mitigator"]] -- Bootless is a scheme allowing a computer with encrypted disk to stay without attached bootloader in order to make more difficult to tamper the initialization process. -- Bootless is a bootloader installed in a removable media and used to initialize computers. -- It is based on [git-annex](http://git-annex.branchable.com/) and [GNU Grub](https://www.gnu.org/software/grub/). -- Initial support is targeted to Debian like operating systems. +Bootless is a scheme allowing a computer with encrypted disk to stay without +attached bootloader in order to make more difficult to tamper the initialization +process. Bootless is a bootloader installed in a removable media and used to +initialize computers. -Index ------ - -[[!toc levels=4]] +- License: [GPLv3+](LICENSE) +- [References](references) +- Contact: rhatto at riseup.net Design ------ -We consider that the user has at least a single USB thumb drive which will be used to boot multiple operating systems in multiple machines for multiple different projects/farms (personal, work, hackerspace, etc). Then, the bootless ecosystem will be composed of several repositories glued together: +The user has at least one USB thumb drive which will be used to boot multiple +operating systems in multiple machines for multiple different projects/farms +(personal, work, hackerspace, etc). + +The `bootless` application wraps around `grub-mkrescue` to create a USB +bootdisk with preloaded custom configuration and optional kernel and initramfs +images. + +Dependencies +------------ + +- [GNU Grub](https://www.gnu.org/software/grub/). +- Reference implementation is targeted to Debian like operating systems. +- Optionally use git and [git-annex](http://git-annex.branchable.com/) to manage your repository and images. + +Installation +------------ -1. The bootless software repository (if you did not installed it using a package). -2. 
Main repository, used to glue together the repositories that follows. -3. Bootloader repository (eg. GRUB modules). Does this need to be manager by git or can be generated using grub? -4. Image repositories (can be multiple repositories). +Don't want to install another piece of software and prefer to build a bootless +rescue disk yourself? Then read about the [barebones approach](barebones). + +Just clone + + git clone https//git.fluxo.info/bootless + +And then leave it somewhere, optionally adding it to your `$PATH` environment +variable or package it to your preferred distro. Current workflow ---------------- @@ -28,7 +48,6 @@ Based on the [Hydra Suite](https://hydra.fluxo.info). Creating the repository: hydra example bootless init admin.example.org:bootless.git - hydra example bootless make /dev/sdb1 hydra example bootless git pull hydra example bootless git commit -a @@ -36,9 +55,9 @@ Creating an image: hydra example bootless image -Create image file and record: +Create image file: - hydra example bootless image output.img /dev/sdb + hydra example bootless image output.iso Record directly: 
@@ -49,76 +68,33 @@ Proposed workflow Initialize: - bootless init <folder> - -Include an image repository: - - bootless add name <path|url> + bootless init <folder> [repository] -Check repository signatures: +Create an image: - bootless check - -Remove an image repository: - - bootless rm name + boootless image <folder> output.iso Write image to thumb drive - boootless image <device> - -TODO ----- - -- Full Disk Encryption support. -- Document `cryptopts` ([1](http://www.c3l.de/linux/howto-completly-encrypted-harddisk-including-suspend-to-encrypted-disk-with-ubuntu-6.10-edgy-eft.html), [2](http://manpages.ubuntu.com/manpages/lucid/man8/initramfs-tools.8.html), [3](http://solvedlinuxissues.blogspot.com.br/2011/11/encrypted-ubuntu-filesystem-on-logical.html), [4](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348147), [5](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358452)), see `/usr/share/doc/cryptsetup/README.initramfs.gz` for details. -- Split bootless script from hydra suite but preserve integration. -- Add pre-built and signed images. -- Integrate with [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html). - -Contact -------- - -Write to rhatto at riseup.net. - -References ----------- - -Grub: - -- [Bootable grub USB stick (EFI and BIOS for Intel)](http://debian-administration.org/users/dkg/weblog/112). -- [Grub2](https://help.ubuntu.com/community/Grub2) (Ubuntu Help). -- [GRUB2 Manual](http://grub.enbug.org/Manual) (Wiki). -- [Using GRUB to Set Up the Boot Process](http://www.linuxfromscratch.org/lfs/view/development/chapter08/grub.html). -- [GNU Grub Manual](http://www.gnu.org/software/grub/manual/grub.html). + boootless image <folder> <device> -Boot: +Check device/image signatures: -- [Auto-booting and Securing a Linux Server with an Encrypted Filesystem](http://serverfault.com/questions/34794/auto-booting-and-securing-a-linux-server-with-an-encrypted-filesystem). 
-- [Smartmonster](https://github.com/ioerror/smartmonster) / [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot). -- [#348147 - Allow subscripts to alter ROOT (was: Add support for cryptoroot) - Debian Bug report logs](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348147) ([crypt_root and real_root on gentoo](http://wiki.gentoo.org/wiki/Genkernel)). + bootless check <folder> <device> -Images: +Threat Model +------------ -- [How can I mount a disk image?](http://superuser.com/questions/344899/how-can-i-mount-a-disk-image). -- [GRUB 2 - OSDev](http://wiki.osdev.org/GRUB_2): instalando o grub em várias mídias distintas. -- [Disk mounting](http://www.noah.org/wiki/Disk_mounting). -- [Loop-mounting partitions from a disk image](http://madduck.net/blog/2006.10.20:loop-mounting-partitions-from-a-disk-image/). +Does bootless mitigate all types of Evil Maid attacks? No: -UEFI: +1. It just reduces it attack surface by placing the bootloader away from the physical machine and recommending you to use Full Disk Encryption (FDE) to store your operating system, swap and data. -- [gummiboot](http://freedesktop.org/wiki/Software/gummiboot/). -- [booting a self-signed Linux kernel | The Linux Foundation](http://www.linuxfoundation.org/news-media/blogs/browse/2013/09/booting-self-signed-linux-kernel). +2. Infection is still possible in plenty of unencrypted/unauthenticated software residing in the machine, such as BIOS, network firmware and potential backdoors such as Intel's AMT/ME. -Security: +Additional mitigations: -- [implementing the evil maid attack on linux with Luks - Pollux's blog](https://www.wzdftpd.net/blog/index.php?post/2009/10/28/44-implementing-the-evil-maid-attack-on-linux-with-luks). +3. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter. -Full Disk Encryption: +4. 
From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for open hardware and try to build stuff yourself :P -- [Grub Crypt · Grub with crypto enhancments](http://grub.johnlane.ie/). -- [Yet Another Full Disk Encryption with Ubuntu 11.10 | On Science and Technology](https://archimedesden.wordpress.com/2011/10/21/yet-another-full-disk-encryption-with-ubuntu-11-10/). -- [MissingLink.xyz - Tutorial: GRUB2 Cryptomount](http://missinglink.xyz/grub2-bootloader/understanding-grub2-cryptomount/). -- [Ubuntu Full Disk Encryption (FDE) with encrypted /boot](http://missinglink.xyz/security/tutorial-debianubuntu-full-disk-encryption-luks-fde-including-encrypted-boot/) -- [Full disk encryption with LUKS (including /boot) · Pavel Kogan](http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/). -- [Full-Crypto setup with GRUB2](http://michael-prokop.at/blog/2014/02/28/full-crypto-setup-with-grub2/) +- Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)) or [smartmonster](https://git.fluxo.info/smartmonster). |
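Review bot: in the first hunk (`@@ -1,24 +1,44 @@`) the clone command under the new Installation heading is missing the scheme separator: `git clone https//git.fluxo.info/bootless` should be `git clone https://git.fluxo.info/bootless`; as written git treats the argument as a local path and fails. The rewritten opening sentence also keeps the original grammar slip ("make more difficult to tamper the initialization process"), which would read better as "make it more difficult to tamper with the initialization process". Since the Dependencies list now presents git and git-annex as optional while the removed text said bootless "is based on" git-annex, the `hydra example bootless git pull` / `git commit -a` steps that survive in the Current workflow should state which of the two they actually rely on.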
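Review bot: in the hunk at `@@ -28,7 +48,6 @@`, dropping `hydra example bootless make /dev/sdb1` leaves `init`, `git pull` and `git commit -a` as the only steps under "Creating the repository", so the Current workflow no longer says at which point the thumb drive is written. If `make` was superseded by the `image` command shown under "Record directly", say so in the surrounding text, otherwise a reader following the steps in order ends up with a repository and no bootable medium.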
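Review bot: in the hunk at `@@ -36,9 +55,9 @@`, the old invocation took an output file and a device (`output.img /dev/sdb`) while the new one takes only `output.iso`, and the heading was changed from "Create image file and record" to "Create image file". The "Record directly:" heading that follows is still in the context lines but its command is outside the hunk; confirm it was updated to the same single-argument form, and note in the text that the output is now an ISO image (the `grub-mkrescue` default mentioned in the Design section) rather than the raw `.img` named before, since that changes how the file is written to a device.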
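Review bot: in the hunk at `@@ -49,76 +68,33 @@`, the two added command lines spell the tool `boootless` (three o's) while the added `bootless check <folder> <device>` and `bootless init <folder> [repository]` lines spell it correctly; the typo was already present in the removed `boootless image <device>` line and was copied rather than fixed. In the new Threat Model, "reduces it attack surface" should be "reduces its attack surface", and items 3 and 4 continue the numbering of the "No:" list even though they sit under a separate "Additional mitigations:" lead-in, so either restart the numbering or turn 3 and 4 into bullets like the anti-evil-maid item that follows. Two documentation gaps this hunk opens: "Check device/image signatures" introduces a `check` command without saying what is signed, by which key, or where the trust anchor lives, and the TODO entry "Full Disk Encryption support" is removed in the same hunk in which the Threat Model starts recommending FDE, so the text should say whether bootless now actually supports booting an FDE root (the `cryptopts` notes removed here would be the natural place). Finally, since the scheme's whole argument is "placing the bootloader away from the physical machine", the Threat Model should state the corresponding assumption explicitly: the removable medium is only as trustworthy as its custody, and a thumb drive left unattended is the same target the attached bootloader was.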