
Adding boot signature checking to package-based OSes

IP.com Disclosure Number: IPCOM000243901D
Publication Date: 2015-Oct-27
Document File: 3 page(s) / 36K

Publishing Venue

The IP.com Prior Art Database

Abstract

Today, Linux RPMs can be signed, but once installed the signature protection is lost and it is not possible to find out whether the RPM has been replaced or the RPM database manipulated at runtime. This means that the database itself is not protected.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Summary

Disclosed is a method to add signatures to package-based Operating Systems. Today, methods like

• Signed RPM
• Secure booting with UEFI and TPM
• Tripwire
• Game systems
• Antivirus

are used to protect the Operating System from being tampered with or from having its contents read. None of the current approaches covers all the aspects of protecting the Operating System and the intellectual property it contains; they carry a huge administrative overhead to achieve this, or they require a completely different build approach compared to a typical Operating System today.

The basic idea of the disclosed method consists of adding signature checking without interfering with standard Linux life cycle management. This allows a build without changes to how Linux packages and images are created. The signatures of files are automatically generated at build time and delivered as part of the RPM. Furthermore, the integrity of the Linux file system is checked by a secured boot loader (TPM) that consumes the signatures delivered via the RPM, so there is no influence on, or overhead for, the Operating System at runtime.

Embodiment

RPM Build time

1. Build the RPM as today
2. Create a signatures file for the RPM
   o For each file in the RPM, include the file path and hash
   o Sign the signature file
   Example: foo.rpm.signatures:
   Content:
   c93433dc535bc0ba89afc2ca829eeec5 /usr/bin/foo
   983bd8cd79b09cd2ca2f5f78ed5801be /etc/lib/libfoo.so
   o File signed with vendor private key
3. Add the file to the RPM
4. Fixed path: /var/lib/rpmSignatures

Using rpmrebuild[*]


Image Build Time

• An image is created combining several RPMs

• Extensions of the idea:
  o Define a list of white-listed files/folders
     White-listed files are allowed to be modified without being considered tampering
     Example: config files such as /etc/resolv.conf
     White-listed folders are allowed to get new files
     Example: /var/log or /home
  o Sign the white-list and put it in an RPM
     Use a fixed fol...
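As an added illustration (not code from the disclosure) of the build-time signatures file and the boot-time check with white-listed files and folders described above, the following script builds a small file tree, generates and signs the per-file hash list, and then checks the tree the way a boot-time verifier would. It assumes sha256sum and openssl are available, uses SHA-256 rather than the MD5-length digests in the example, and generates a throw-away vendor key pair; all file names and paths are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo of the disclosed scheme (not code from the disclosure).
# Assumes sha256sum and openssl; SHA-256 is used instead of the MD5-length
# digests in the example above, and the vendor key is generated on the fly.
set -eu
W=$(mktemp -d); R="$W/root"
mkdir -p "$R/usr/bin" "$R/etc" "$R/var/log"
printf 'foo v1\n' > "$R/usr/bin/foo"
printf 'nameserver 10.0.0.1\n' > "$R/etc/resolv.conf"

# Vendor key pair (demo only; in practice the private key stays with the vendor).
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -out "$W/vendor.key" 2>/dev/null
openssl pkey -in "$W/vendor.key" -pubout -out "$W/vendor.pub" 2>/dev/null

# RPM build time: one "hash path" line per packaged file, then sign the list.
SIG="$W/foo.rpm.signatures"
(cd "$R" && sha256sum usr/bin/foo etc/resolv.conf) > "$SIG"
openssl dgst -sha256 -sign "$W/vendor.key" -out "$SIG.sig" "$SIG"

# White-lists: files allowed to change, folders allowed to gain new files.
printf 'etc/resolv.conf\n' > "$W/wl.files"
printf 'var/log\n' > "$W/wl.dirs"

# Boot-time check: returns 0 if the tree is intact, 1 on any tampering.
boot_check() {
  # The signatures file is trusted only after its vendor signature verifies.
  openssl dgst -sha256 -verify "$W/vendor.pub" -signature "$SIG.sig" \
    "$SIG" >/dev/null 2>&1 || return 1
  # 1) Every signed file must still match its recorded hash, unless white-listed.
  while read -r hash path; do
    grep -qxF "$path" "$W/wl.files" && continue
    [ -f "$R/$path" ] || return 1
    [ "$(sha256sum "$R/$path" | cut -d' ' -f1)" = "$hash" ] || return 1
  done < "$SIG"
  # 2) No unsigned file may appear outside a white-listed folder.
  for f in $(cd "$R" && find . -type f | sed 's#^\./##'); do
    awk -v p="$f" '$2 == p { ok = 1 } END { exit !ok }' "$SIG" && continue
    grep -qxF "$(dirname "$f")" "$W/wl.dirs" || return 1
  done
  return 0
}
```

Run boot_check after editing files under "$R" to see which changes count as tampering: a rewritten /etc/resolv.conf or a new file under /var/log passes, while a modified /usr/bin/foo, a stray file in /etc, or an edited signatures file fails.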