| 10verity | ||
| 20veritybook | ||
| quirks | ||
| 69-yubikey.rules | ||
| clonedisk.sh | ||
| excludelist.txt | ||
| logo.bmp | ||
| mkdelta.sh | ||
| mkimage.sh | ||
| mkrelease.sh | ||
| pkglist-min.txt | ||
| pkglist-sssd.txt | ||
| pkglist.txt | ||
| pre-pivot.sh | ||
| prepare-root.sh | ||
| README.md | ||
| squashfs-size.sh | ||
| systemd-udev-settle-dri.service | ||
| update.sh | ||
| VerityBook.fc | ||
| VerityBook.te | ||
VerityBook
Let's put all the fancy features together, we developed in the last years:
- Combined kernel+initramfs EFI binaries
- Secure Boot
- clevis with TPM2
- LUKS2
- dm-verity + squashfs root
- Flatpak
- flickerless boot
and build a Chromebook like Fedorabook, where you can install all software via Flatpak.
This is WIP. Please test and report issues, comments or missing components on https://pagure.io/Fedorabook/issues
Goals
- secure boot to the login screen
- immutable base OS
- ensured integrity to the login screen
- encrypted volatile data
- A/B boot switching for updates
- Flatpak
- basic desktop
- optional: bind encrypted data partition to TPM2
- optional: frequent reencryption of the data partition
Non-Goals
- can't secure against a remote attacker writing anything to disk
- can't secure against a remote attacker scraping secret keys from the kernel
FAQ
Isn't encrypting everything enough?
If a remote attacker modifies your binaries in /usr/bin, you cannot be sure of a secure boot to the login screen anymore.
Why readonly /etc?
A remote attacker modifying /etc can completely change your boot sequence and you cannot be sure of a secure boot to the login screen anymore.
All configurable files have been whitelisted and moved to /cfg.
TODO
- merge mkimage.sh and clonedisk
- move all quirks from prepare-root.sh to quirks directory
- source all quirks depending on package installation on command line options
- change partition UUIDs for /data
- UUID for TPM LUKS
- UUID for LUKS
- UUID for unencrypted xfs
- ensure /data to be on same disk as root
- add "load=" to kernel command line via efi stub
- add admin LUKS key via public key
- sssd
- support more clevis pins and mixed pins
- option to always clean data disk on boot
Complete / What works already?
- boot from single efi binary
- dm_verity + squashfs immutable, integrity checked root
- passwd + shadow + group + gshadow decoupled from system in /var
- bind LUKS2 with tpm2 to machine
- swap on LUKS2 with tpm2 (no password for resume from disk??)
- /home /cfg and /var on single data partition
- Secure Boot
- selinux
- firmware update (works, but needs a secure boot signed fwup*.efi)
Known Failures
- systemd: failed to umount /var
- needs a ´´´restorecond -FmvR /cfg /var /home´´´ after first boot, because systemd-tmpfiles does not seem to restore all context
- vga switcheroo is not accessible for lockdown=1, because the kernel does not allow access to /sys/kernel/debug
Create
Prepare the Image
For reproducible squashfs builds use https://github.com/squashfskit/squashfskit. Clone it in the main VerityBook directory and build it.
$ sudo ./prepare-root.sh \
--pkglist pkglist.txt \
--excludelist excludelist.txt \
--name VerityBook \
--logo logo.bmp \
--reposd <REPOSDIR> \
--releasever 29
This will create the following files and directories:
VerityBook- keep this directory around for updates (includes needed passwd/group history and rpmdb)VerityBook-29.<datetime>- the resultingVerityBook-latest.json- a metadata file for the update server
or download a prebuilt image,
unpack and use this as <IMGDIR>.
Sign the release
Get efitools. Compile and create your keys.
Copy LockDown.efi DB.key DB.crt from efitools to the veritybook directory.
Rename DB.key DB.crt to VerityBook.key and VerityBook.crt
Optionally copy Shell.efi (might be /usr/share/edk2/ovmf/Shell.efi) to the veritybook directory.
$ sudo ./mkrelease.sh VerityBook-latest.json
then upload to your update server:
$ TARBALL="$(jq -r '.name' VerityBook-latest.json)-$(jq -r '.version' VerityBook-latest.json)".tgz
$ scp "$TARBALL" VerityBook-latest.json <DESTINATION>
QEMU disk image
$ sudo ./mkimage.sh <IMGDIR> image.raw
or with the json file:
$ sudo ./mkimage.sh VerityBook-latest.json image.raw
USB stick
$ sudo ./mkimage.sh <IMGDIR> /dev/disk/by-path/pci-…-usb…
or with the json file:
$ sudo ./mkimage.sh VerityBook-latest.json /dev/disk/by-path/pci-…-usb…
Install from USB stick
Warning: This will wipe the entire target disk
Preparation
- Enter BIOS
- turn on UEFI boot
- turn on TPM2
- set a BIOS admin password
- Enter BIOS boot menu
- Select USB stick
- Login (user: admin, pw: admin)
- Start gnome-terminal
Installation
If you can encrypt your disk via the BIOS, do so.
If you cannot:
- use the option
--crypttpm2, if you have a TPM2 chip - use the option
--cryptotherwise
$ sudo veritybook-clonedisk <options> <usb stick device> <harddisk device>
Post
- reboot
- remove stick
The first boot takes longer as the system tries to bind the LUKS to the TPM2 on the machine.
It also populates /var with the missing directories.
You can always clear the data partition via:
# wipefs --all --force /dev/<disk partition 5>
and then either make a xfs
# mkfs.xfs -L data /dev/<disk partition 5>
or LUKS
# echo -n "zero key" | cryptsetup luksFormat --type luks2 /dev/<disk partition 4> /dev/stdin
# echo -n "zero key" | cryptsetup luksFormat --type luks2 /dev/<disk partition 5> /dev/stdin
On the media created with mkimage.sh, this is partition number 3.
Post Boot
Persistent journal
$ sudo mkdir /var/log/journal
LUKS
Set a new LUKS password, if you installed with --crypt or --crypttpm2.
The initial password is zero key.
Updating
# systemd-inhibit veritybook-update <UPDATE-URL>
Secure Boot
Warning: This will wipe all the secure boot keys. Make sure the BIOS contains an option to restore the default keys.
- Enter BIOS
- turn on Secure Boot
- turn on Setup Mode
- Boot from stick with Shell.efi and LockDown.efi
- Execute LockDown.efi
- reset
- Secure Boot into signed VerityBook release