Signed built-in sysexts #3162
Signed built-in sysexts #3162
Conversation
The cryptsetup useflag is required for signing sysexts built with systemd-repart.
These packages are needed for building erofs sysexts using systemd-repart. It's from Gentoo commit 13f9c8d7911e07616d3bb17edd553c9f41d758da
Generate an ephemeral sysext signing key, that is injected into the image's sysext root of trust. All OS-dependent sysexts will be signed by this key and the private key (stored in /tmp) will be discarded on SDK container exit.
There was a problem hiding this comment.
Aside from the security model, I have one concern. systemd-repart only gained the ability to apply compression to erofs in v257, but as far as I can tell, this is only configurable through the repart.d files, which aren't used when creating DDIs. The built-in sysexts will therefore no longer be compressed. Maybe this doesn't matter because USR is already compressed via btrfs. It might even be a good thing as we avoid the double compression. Please compare the compressed size on a live Flatcar instance against an older instance.
We'll presumably need to do work on systemd to be able to publish signed and compressed sysexts in the bakery. CC @t-lo.
| @@ -46,6 +46,7 @@ DEPEND=" | |||
| sys-firmware/edk2-bin | |||
| sys-fs/btrfs-progs | |||
| sys-fs/cryptsetup | |||
| sys-fs/erofs-utils | |||
There was a problem hiding this comment.
| sys-fs/erofs-utils | |
| sys-fs/erofs-utils |
| @@ -1,4 +1,5 @@ | |||
| USE="cros_host expat man -pam" | |||
| USE="${USE} cryptsetup" | |||
There was a problem hiding this comment.
This could have consequences. What needs this, and could it be done against that specific package?
| @@ -64,6 +64,7 @@ src_prepare() { | |||
| validate_sig_key | |||
|
|
|||
| config_update 'CONFIG_INITRAMFS_SOURCE="bootengine.cpio"' | |||
| config_update "CONFIG_SYSTEM_TRUSTED_KEYS=\"/usr/share/sb_keys/shim.pem\"" | |||
There was a problem hiding this comment.
I don't think you meant to include this, and this certificate should not be used in production builds.
| config_update "CONFIG_SYSTEM_TRUSTED_KEYS=\"/usr/share/sb_keys/shim.pem\"" |
| @@ -166,6 +166,7 @@ CONFIG_DM_SNAPSHOT=m | |||
| CONFIG_DM_THIN_PROVISIONING=m | |||
| CONFIG_DM_UEVENT=y | |||
| CONFIG_DM_VERITY=m | |||
| CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y | |||
There was a problem hiding this comment.
The certificate you're signing with is written to /usr/lib/verity.d, so you don't need this. The verification is done in userspace.
However, I have doubts about this security model. You're verifying sysexts in USR with a certificate in USR. Does that add anything, especially when USR's own integrity is already enforced by verity? Having the certificate in the kernel keyring may be a stronger model, but I'm not the best person to ask. @jepio, your input here would be appreciated.
There was a problem hiding this comment.
If we use this for the extensions that are downloaded on demand, it makes sense. For the ones itself stored in /usr it might be useful to have them also signed for enforcing a policy.
There was a problem hiding this comment.
We were going to have bakery sysexts use certificates in /etc/verity.d because we felt more flexibility was needed here. What if we need to rotate the certificate? Newer sysexts are supposed to work on older Flatcar releases.
Actually, I got that slightly wrong. The files in |
|
Build action triggered: https://github.com/flatcar/scripts/actions/runs/16727098596 |
Sign OS-dependent sysexts using an ephemeral key which is baked into the image.
The signed sysexts are generated using
systemd-repartand they are built as a DDI with a dm-verity partition and signature partition.TODO: determine if we enable the
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIGin this PR or separate (@chewi was planning to use this for the kernel move, but the plans have shifted now).How to use
Just enable any OS dependent sysexts, they should be verified using dm-verity has signature when loading.
Testing done
When you boot the built image, all built in sysexts (including OEM) should be signed. When booting, the systemd-sysext will merge them and verify the signature automatically. To merge again with explicitly stricter policy (which forces signed sysexts only), you can use the following command:
systemd-sysext refresh --image-policy="root=verity+signed+absent:usr=verity+signed+absent"See related sysext-bakery PR#175
changelog/directory (user-facing change, bug fix, security fix, update)/bootand/usrsize, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.