Linux

8376 readers

322 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

New Linux Security Flaw Uses Initramfs to Inject Malware (www.omgubuntu.co.uk)

submitted 5 days ago by cm0002@programming.dev to c/linux@programming.dev

28 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Infernal_pizza@lemmy.dbzer0.com 21 points 5 days ago (7 children)

If someone has physical access then surely they can change the initramfs without having to use the debug shell?

[–] 9tr6gyp3@lemmy.world 6 points 4 days ago* (last edited 4 days ago) (6 children)

It seems the issue here is that initramfs is not signed, which makes this attack possible.

If it is signed and an evil maid modifies the initramfs itself, it will break the secure boot process and the user will be notified that their system has been tampered with. This should indicate that the secure boot protection is working.

If initramfs is not signed and it drops to the debug shell, then the attacker can make any changes to your system without it affecting secure boot, since it has already passed the protection. At least that's my understanding when I read this.

[–] Infernal_pizza@lemmy.dbzer0.com 1 points 4 days ago (1 children)

That makes sense. Would a signed initramfs be possible though? Since it's usually rebuilt after most system updates?

[–] 9tr6gyp3@lemmy.world 2 points 4 days ago

Depends on the OS, but you can generally have mkinitcpio handle generating new UKIs after updates and also have it trigger something like sbctl to re-sign images.

load more comments (4 replies)