Adding boot signature checking to package-based OSes
Publication Date: 2015-Oct-27
The IP.com Prior Art Database
Today Linux RPMs can be signed, but once installed the signature protection is lost, and it is not possible to find out whether the RPM has been replaced or the RPM database manipulated at runtime. This means that the database itself is not protected.
Disclosed is a method to add signatures to package-based Operating Systems. Today methods like
• Signed RPM
• Secure booting with UEFI and TPM
• Tripwire
• Game systems
are used to protect the Operating System from being tampered with or from having its contents read. None of the current approaches covers all aspects of protecting the Operating System and the contained intellectual property; they carry a huge administrative overhead to achieve this, or they require a completely different build approach compared to a typical Operating System today.
The basic idea of the disclosed method consists of adding signature checking without interfering with standard Linux life-cycle management. This allows a build without any change in how Linux packages and images are created. The signatures of files are automatically generated at build time and delivered as part of the RPM. Furthermore, the integrity of the Linux file system is checked by a secured boot loader (TPM) that consumes the signatures delivered via the RPM. So there is no influence on, and no overhead for, the Operating System at runtime.
RPM Build time
1. Build the RPM as today
2. Create a signatures file for the RPM
   o For each file in the RPM include file path and hash
   o Sign the signature file
     c93433dc535bc0ba89afc2ca829eeec5 /usr/bin/foo
     983bd8cd79b09cd2ca2f5f78ed5801be /etc/lib/libfoo.so
   o File signed with vendor private key
3. Add the file to the RPM
4. Fixed path: /var/lib/rpmSignatures
Image Build Time
• An image is created combining several RPMs
• Extensions of the idea:
   o Define a list of white-listed files/folders
     White-listed files are allowed to be modified without being considered tampering
     Example: config files such as /etc/resolv.conf
     White-listed folders are allowed to get new files
     Example: /var/log or /home
   o Sign the white-list and put it in an RPM
     Use a fixed fol...
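The two halves of the disclosed method, the build-time "hash path" signatures file and the boot-time check that consumes it together with the white-lists from the image-build extension, as one added Go example. This is illustrative code written for this page, not the disclosure's own implementation or any real RPM or boot-loader tooling. It assumes SHA-256 for the file hashes (the page's sample digests are MD5-sized), an Ed25519 key pair generated on the fly in place of the vendor key, a temporary directory in place of the image root, and constructed sample file contents; in a real deployment the manifest bytes would ship inside the RPM at the fixed path and the public key would live with the secured boot loader.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"strings"
)

// BuildManifest is the RPM build-time step: one "hash path" line per regular file
// under root, sorted so the bytes the vendor signs are deterministic. SHA-256 is
// an assumption; the page's sample digests are 32 hex characters (MD5-sized).
func BuildManifest(root string) ([]byte, error) {
	var lines []string
	err := filepath.Walk(root, func(p string, info os.FileInfo, err error) error {
		if err != nil || !info.Mode().IsRegular() {
			return err
		}
		data, err := os.ReadFile(p)
		rel, _ := filepath.Rel(root, p) // p always lies under root here
		sum := sha256.Sum256(data)
		lines = append(lines, hex.EncodeToString(sum[:])+" /"+filepath.ToSlash(rel)+"\n")
		return err
	})
	sort.Strings(lines)
	return []byte(strings.Join(lines, "")), err
}

// ParseManifest maps manifest lines back to path -> hash for the boot-time
// comparison; like the page's format it assumes paths contain no spaces.
func ParseManifest(data []byte) map[string]string {
	m, f := map[string]string{}, strings.Fields(string(data))
	for i := 0; i+1 < len(f); i += 2 {
		m[f[i+1]] = f[i]
	}
	return m
}

// Policy carries the page's white-lists: files that may change without counting
// as tampering, and folders (e.g. /var/log, /home) that may gain new files.
type Policy struct{ Files, Folders []string }

// matches reports whether path is an entry of list or, when dir is set, lies below one.
func matches(path string, list []string, dir bool) bool {
	for _, e := range list {
		if path == e || (dir && strings.HasPrefix(path, strings.TrimSuffix(e, "/")+"/")) {
			return true
		}
	}
	return false
}

// Verify is the boot-time step: a bad vendor signature rejects the manifest
// outright; otherwise every deviation the policy does not excuse is reported.
func Verify(pub ed25519.PublicKey, manifest, sig []byte, root string, pol Policy) ([]string, error) {
	if !ed25519.Verify(pub, manifest, sig) {
		return nil, fmt.Errorf("manifest signature invalid, refusing to boot")
	}
	current, err := BuildManifest(root)
	if err != nil {
		return nil, err
	}
	want, have := ParseManifest(manifest), ParseManifest(current)
	var findings []string
	for path, h := range want {
		if cur, ok := have[path]; !ok {
			findings = append(findings, "missing "+path)
		} else if cur != h && !matches(path, pol.Files, false) {
			findings = append(findings, "modified "+path)
		}
	}
	for path := range have {
		if _, ok := want[path]; !ok && !matches(path, pol.Folders, true) {
			findings = append(findings, "added "+path)
		}
	}
	sort.Strings(findings)
	return findings, nil
}

// main builds a constructed sample image, signs its manifest with a throwaway
// key standing in for the vendor key, lets the image drift, and runs the check.
func main() {
	root, _ := os.MkdirTemp("", "image")
	defer os.RemoveAll(root)
	write := func(rel, body string) {
		p := filepath.Join(root, rel)
		os.MkdirAll(filepath.Dir(p), 0o755)
		os.WriteFile(p, []byte(body), 0o644)
	}
	write("usr/bin/foo", "#!/bin/sh\necho foo\n")
	write("etc/resolv.conf", "nameserver 10.0.0.1\n")
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	manifest, _ := BuildManifest(root) // would ship in the RPM at /var/lib/rpmSignatures
	sig := ed25519.Sign(priv, manifest)
	write("etc/resolv.conf", "nameserver 192.0.2.53\n") // white-listed file: allowed
	write("var/log/boot.log", "booted\n")               // white-listed folder: allowed
	write("usr/bin/foo", "#!/bin/sh\necho bar\n")       // not white-listed: tampering
	pol := Policy{Files: []string{"/etc/resolv.conf"}, Folders: []string{"/var/log"}}
	findings, err := Verify(pub, manifest, sig, root, pol)
	fmt.Println(findings, err) // [modified /usr/bin/foo] <nil>
}
```

The signature check comes first on purpose: a manifest whose signature does not verify is treated as no manifest at all, so an attacker who can rewrite both the files and /var/lib/rpmSignatures gains nothing without the vendor private key. The white-list is applied only after that check, which is why the page has the white-list itself signed and shipped as an RPM rather than left as an unsigned file on the image.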