ToDo for Developers

From Kicksecure
< Dev
Jump to navigation Jump to search

TODO

TODO DEV[edit]

pam_faillock ticket[edit]

`/etc/pam.d/sudo`

```
#%PAM-1.0

# Set up user limits from /etc/security/limits.conf.
session    required   pam_limits.so

@include common-auth
@include common-account
@include common-session-noninteractive
```

`/etc/pam.d/sudo-i`

```
#%PAM-1.0

# Set up user limits from /etc/security/limits.conf.
session    required   pam_limits.so

@include common-auth
@include common-account
@include common-session
```

----

`/etc/sudoers.d/upgrade-passwordless`

```
%sudo ALL=NOPASSWD: /usr/bin/apt-get-update-plus dist-upgrade
```
  • May be useful, but I don't believe it is necessarily useful right now. Would like to wait for now.
    • Patrick: Agreed because this bug seems to be a sudo bug instead and was reported against sudo.
  • Ticket can be archived.

desktop-config-dist - livecheck - rd.live.image[edit]

  • FYI: this is now fixed in git. no more patch for live-build required. livecheck should now work out of the box (no matter if old or new live-build kernel parameters)
  • FYI only. Ticket can be archived.
  • arraybolt3: I haven't archived this yet since it doesn't seem to actually be working in my ISO builds and I'm not sure why.

ISO - port to live-build[edit]

livecheck - FYI - rd.live.image kernel parameter detection broken[edit]

  • fixed in git
  • FYI only
  • please archive this ticket

live-build - boot-time scripts handling[edit]

  • boot-time scripts aren't marked as executable
  • the boot-time scripts are an implementation detail of the live-build config (used to set the default shell to ZSH and change the username from "Debian live user" to "Kicksecure live user")
  • should be done by to /packages/
    • arraybolt3: This cannot be done by /packages/ because these scripts are installed by live-build and are not vendored as a package. This is the recommended way of doing things in live-build, see https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-contents.en.html#customizing-contentsarchive.org section "9.2.3 Boot-time hooks"
    • Patrick:
      • Where is the source code for these scripts?
        • arraybolt3: Integrated in derivative-maker/build-steps.d/2800_create-lb-iso.
      • Can we avoid using some of these scripts? Is this a missing live-build feature? If it is what I vaguely remember before, these could be disabled with a symlink to /dev/null inside the configuration folder.
        • arraybolt3: The scripts are custom-written for the ISO, and have two purposes - one of them renames "Debian live user" to "Kicksecure live user", the other one changes the default shell in the ISO live environment from bash to zsh.
      • Switching default shell from bash to zsh is already implemented in dist-base-files debian/dist-base-files.postinst. It also supports configuration, simplifies customized builds / forks. Doing this in dist-base-files as well as on the live-build level, adds extra complexity, which should be avoided.
        • arraybolt3: Doing this in a package requires shipping files under /lib/live/config. This is because the live session user on the ISO is actually created at ISO boot time, not at build time. As a result the user's default shell and most of the user configuration is controlled by live-build boot-time hooks, which are located in /lib/live/config. Technically this is doable, but it diverges from the documented method described in live-build's manual.

live-build - avoid scripting at calamares level - avoid /etc/calamares/modules/shellprocess_useradd.conf[edit]

  • Can this be done at /packages/ level instead please?
    • Very difficult. live-build ISOs generate the user account on the ISO at boot time, meaning that after an initial Calamares installation, the installed system has no usable user account. Creating one requires either using the Calamares users module (which as previously discussed is undesirable) or requires a hook similar to what is implemented with shellprocess_useradd.conf.
  • Already implemented in dist-base-files debian/dist-base-files.postinst
    • This should not be implemented here. This method of implementation is fundamentally incompatible with live-build, and the only reason it hasn't caused issues is because the logic disables itself when not running under Qubes or derivative-maker, and when live-build is running it obscures the use of derivative-maker from the package.
  • Better to keep it there due to planned changes. (User "user" will no longer be a member of group "sudo" and a new user "admin" will be introduced.) Otherwise having two places to maintain this would complicate things.
    • Can it be moved to live-config-dist and maintained there going forward?

live-build - avoid live-build specific boot splash[edit]

  • https://github.com/ArrayBolt3/derivative-maker/blob/arraybolt3/live-build/live-build-data/splash.svgarchive.org
  • Avoidable? Can be done in /packages/ instead please?
    • Difficult to avoid, the splash screen is dynamically modified by live-build at build time, and is sourced from live-build's configuration directory at build time (live-build does not use packages installed under the chroot to find this). The entirety of the bootloader configuration is done without use of packages installed in the built system as I understand it.
  • there are later tasks for GRUB boot menu styling
    • This has to be dealt with now because otherwise we risk causing confusion to end-users. The default GRUB splash on live-build ISOs uses a strange construction hat logo, and states that the ISO is specifically Debian. Not changing this screen could even be legally problematic as the name "Debian" is a trademark. (https://www.debian.org/trademarkarchive.org) This GRUB screen is also specific to live-build and should not be used for installed systems. Debian uses separate GRUB screens for installed systems and live-build ISOs.
  • live-config-dist uses to add "Live ISO" to grub boot menu in https://github.com/Kicksecure/live-config-dist/blob/master/etc/default/grub.d/40_live-config-dist.cfgarchive.org - possible to do the same with live-build?
    • This file should probably be deleted once live-build becomes the default ISO build mechanism. Similar to dist-base-files.postinst, this is a way of doing things that fundamentally doesn't work with live-build.
  • Figure out what unicode is in the splash screen SVG and remove it if at all possible

live-build - path may be being set in a non-ideal fashion[edit]

  • $source_code_folder_dist/live-build for the git sub module (our fork) (pristine source code)
  • $dist_binary_build_folder/live-build should be used for the "config" folder (which will contain binaries after running live-build) (can be safely deleted and re-created using derivative-maker)
    • arraybolt3: currently using $dist_binary_build_folder/kicksecure-live-build for this, change to use live-build name instead

live-build - source code integration into derivative maker[edit]

  • assume at in derivative-maker/live-build

live-build - investigate options[edit]

  • because it contains options and todo
  • (originally from build-steps.d/1350_create-iso-config)
  • not all comments might be needed. some of my comments might be superfluous / obvious.

new (commented): 

## Should not be done at live-build level if avoidable? Better done in package live-config-dist as /etc/default/grub.d drop-in
   #--bootappend-live PARAMETER|"PARAMETERS"
   # arraybolt3: Cannot be done via a package as the bootloader config for the ISO is set directly by live-build. Instead, source grub.d scripts from security-misc at build time and use variables from there to set the bootappend value.
   # Patrick: Not only security-misc is setting grub configuration. Also other packages do or might in the future. Therefore all of /packages/ folder needs parsing.
   # arraybolt3: TODO need to fix this

old: 

   ## folder derivative-maker/live-build can be re-created using:
   ## 2. help-steps/live-config

   ## TODO: cleaner to not have these? better for reproducible builds?
   #--apt-indices false
   # arraybolt3: Added.

## Kicksecure enabled backports by default so live-build does not need to
## (kicksecure ships /etc/apt/sources.list.d/debian.list static file in package anon-apt-sources-list)
   #--backports true|false
   # arraybolt3: Left unset, seems to work.


## Probably not needed.
   #--checksums md5|sha1|sha224|sha256|sha384|sha512|none
   # arraybolt3: left unset
   #--debian-installer cdrom|netinst|netboot|businesscard|live|none
   # arraybolt3: This MUST be set to "--debian-installer=live" (different values other than "none" may also work?). Not doing so results in the on-CD apt repo that contains bootloader packages not being created, and alternate ways of making that repo ended up erroring out in my experiments.

   ## Kicksecure enables fasttrack repository by default. If build works, probably not needed.
   #--keyring-packages PACKAGE|"PACKAGES"
   # arraybolt3: left unset, but perhaps it should be set to include the fasttrack repository key. Currently I'm using "--debootstrap-options" to include it.

   #--cache-stages "bootstrap rootfs"
   # arraybolt3: left unset. This automatically "just works".

## For cross-build support.
   # --architecture "$dist_build_target_arch"
   # arraybolt3: Note that for cross builds to work, this must be paired with "--bootstrap-qemu-arch" if building for a foreign architecture like arm64. Needs testing.

   # --distribution "$dist_build_apt_stable_release"
   # arraybolt3: set.

## TODO: should we keep as is (Debian default) for better compatibility or set to
##       $SHORT_VMNAME / $VMNAME (already defined in help-steps/variables) to avoid conflicts with Debian (dual-boot)?
   # --hdd-label LABEL
   # --image-name NAME
   # --iso-application NAME
   # --iso-publisher NAME
   # --iso-volume NAME
   # arraybolt3: all are now set

## Not applicable?
   # --hdd-size SIZE
   # arraybolt3: for ISO build, not applicable

## TODO: source not needed
   # --source
   # arraybolt3: left unset, defaults to false.

## yes. not bothering/mixing any other bootloaders such as isolinux (except shim, which live-build handles automatically)
   # --bootloaders grub-efi
   # arraybolt3: left unset, live-build figures this out automatically and generates an ISO that is both BIOS-bootable and UEFI-bootable with GRUB by default.

## already existing variable
  # --linux-packages "$BUILD_KERNEL_PKGS"
  # arraybolt3: set.

## already existing variable
## usability feature
## we want kernel headers installed by default (required for tirdad compilation (has a dependency); virtualbox guest utils (lacks dependency))
## probably
   # --linux-packages "$BUILD_HEADER_PKGS"
   # arraybolt3: set.

## We can probably set this because we cache using <code>${REPO_PROXY}</code>? Double caching not useful?
## This option might have side effects.
   # --cache-packages false
   # arraybolt3: set `--cache false`.

   ## TODO: Does this work? Is our apt-cache-ng (already existing variable ${REPO_PROXY}) functional?
   # --apt-ftp-proxy "${REPO_PROXY}"
   # --apt-http-proxy "${REPO_PROXY}"
   # arraybolt3: set, but unsure if it actually works yet

## important. using apt with --no-install-recommends
## but not setting and apt config file for the user
      # --apt-recommends false \
      # arraybolt3: already set.

## if using debootstrap
## important because we pull packages using packaging not using $debootstrap or live-build
      # --debootstrap-options "--variant=minbase" \
      # arraybolt3: set.

## if using mmdebstrap
## '--variant=required' is only supported by 'mmdebstrap'. It might not be supported by 'debootstrap'.
      # --debootstrap-options "--variant=required" \
      # arraybolt3: "required" and "minbase" appear to be treated identically by mmdebstrap, therefore not setting this.

## same as above
   # --firmware-binary false
   # --firmware-chroot false
   # arraybolt3: already set.

## Seems correct.
      # --binary-image iso-hybrid \
      # arraybolt3: set.


   lb config \
      --distribution "$dist_build_apt_stable_release" \
      --mirror-binary "$dist_build_apt_sources_mirror" \
      --mirror-binary-security "$dist_build_apt_sources_security_mirror" \
      --mirror-bootstrap "$dist_build_apt_sources_mirror" \
      --mirror-chroot "$dist_build_apt_sources_mirror" \
      --mirror-chroot-security "$dist_build_apt_sources_security_mirror" \
      --mirror-debian-installer "$dist_build_apt_sources_mirror" \
      --parent-mirror-binary "$dist_build_apt_sources_mirror" \
      --parent-mirror-binary-security "$dist_build_apt_sources_security_mirror" \
      --parent-mirror-bootstrap "$dist_build_apt_sources_mirror" \
      --parent-mirror-chroot "$dist_build_apt_sources_mirror" \
      --parent-mirror-chroot-security "$dist_build_apt_sources_security_mirror" \
      --parent-mirror-debian-installer "$dist_build_apt_sources_mirror" \
      --archive-areas "main contrib non-free non-free-firmware" \
      # arraybolt3: set.



## use $dist_build_apt_stable_release instead of hardcoded "bookworm"
    --distribution "bookworm"
    # arraybolt3: no longer hardcoded.

## probably needed? same as Kicksecue default APT sources archive areas
## should we get this by parsing? in buildconfig.d/25_apt_sources.conf
    --archive-areas "main contrib non-free non-free-firmware" \
    # arraybolt3: set. Getting from 25_apt_sources.conf is not ideal because it does not have a simple variable that can be used for this purpose. 

## sources not needed
    --apt-source-archives false \
    # arraybolt3: set.
    --source false \
    # arraybolt3: defaults to false, does not need set.

## zsync not used
    --zsync false \
    # arraybolt3: set.

## useful? irrelevant?
    # --chroot-filesystem ext4 \
    # --binary-filesystem ext4 \
    # arraybolt3: both seem irrelevant.

## useful to see what is going on. why not.
    # --verbose \
    # --debug
    # arraybolt3: set.

## sanity testing and nice to compare logs
lb config --dump
lb config --validate
# arraybolt3: integrated.

## better verbose than not knowing what is going on
lb build --verbose --debug
# arraybolt3: integrated.

live-build - build raw images[edit]

Building fully persistent images? Replacing grml-debootstrap? 

--system normal
--binary-image hdd

Useful? Low priority? arraybolt3: this would potentially be very useful, will investigate.

live-check - run once only[edit]

  • to avoid log spam (passwordless root)
  • create a done file in folder /run/user/$USER so the livecheck script does not run sudo over and over again

audio[edit]

audio generally[edit]

VirtualBox Intel HD Audio and PipeWire Incompatibility / Audio broken after increasing ram to 5 GB / No sound after latest updates - PipeWire Bug?[edit]

automation of tb-updater hardcoded version number update[edit]

  • example of what is currently done manually:
  • post in forums can probably one day be avoided when there is packages.kicksecure.com which makes version numbers, changelogs more easily accessible including a "news blog" of recent changes
  • On the surface, making this fully automated would likely require making commits to code in an automated fashion. This is a bit worrying to me since it requires a machine to have access to a non-password-protected, trusted GPG key that is used to automatically sign commits. This would potentially be a valuable target for an attacker, and could potentially introduce supply-chain attacks. Would it be sufficient to make this able to alert a sufficiently trusted person that it's time to update the version numbers? This could be combined with a tool that will update the version number to whatever is appropriate with a single command, allowing an administrator to simply run the command, verify the diff is correct, then commit and push.

calamares - change to BTRFS by default - including subvolumes[edit]

Kicksecure grub-theme[edit]

Whonix grub-theme[edit]

review and refactor meta packages[edit]

Split the security-misc into security-misc-shared, security-misc-desktop and security-misc-server[edit]

Kicksecure Firewall[edit]

https://forums.kicksecure.com/t/kicksecure-firewall/378/10archive.org

Meta Packages, Kicksecure, Whonix - Desktop versus Server[edit]

https://forums.kicksecure.com/t/meta-packages-kicksecure-desktop-versus-kicksecure-server/415archive.org

Secure Mount Options for better Security Hardening[edit]

wipe video RAM[edit]

Tor 0.4.8.9 broken in combination with vanguards[edit]

Implement live mode with 90overlayfs[edit]

VirtualBox serial console[edit]

KVM related[edit]

KVM - 3D Graphics Acceleration - SPICE - Testing - drm[edit]

KVM - 3D Graphics Acceleration - Performance Test - Display SDL[edit]

KVM - 3D Graphics Acceleration - Performance Test - Display GDK[edit]

apparmor.d review[edit]

WAITING ON[edit]

kloak - add Qubes support[edit]

Aaron:

kloak - Qubes support - consider using Qubes API for orchestration[edit]

kloak - Qubes support - implement kloak within qubes-gui-daemon[edit]

live-build - local repository support[edit]

live-build - add mmdebstrap support[edit]

live-build - use APT with error-on-any[edit]

  • use option apt --error-on=any for all invocations of apt-get (update)
  • only needed for apt-get update, otherwise superfluous but non-issue
  • this is a security feature
  • this is to prevent inconsistent images that succeeded connecting to the "normal" repository but failed to connect to the security repository
  • can be implemented using already existing live-build option --apt-options OPTION|"OPTIONS"?
  • Requires a patch to live-build. Using --apt-options results in a build failure with E: Command line option --error-on=any is not understood in combination with the other options
  • Patch written, submitted upstream as https://salsa.debian.org/live-team/live-build/-/merge_requests/371archive.org. New configuration option now used in my branch of live-build.

security-misc - investigate PAM[edit]

  • there is /etc/pam.d/sudo-i for interactive and /etc/pam.d/sudo
  • pam has concepts of common-session-noninteractive vs common-session (non-interactive)
  • how could we on the PAM level notice if faillock is used interactively or non-interactively?
  • if non-interactive, skip faillock
  • if interactive, do not skip faillock
  • Bug report: https://github.com/linux-pam/linux-pam/issues/842archive.org

REVIEW PLEASE[edit]

automate VirtualBox version update in the wiki[edit]

live-build - fork of live-build[edit]

live-build - use derivative-maker variable APT_OPTIONS[edit]

  • for reference, see derivative-maker help-steps/variables APTGETOPT, APTGETOPT_ALT, APTGETOPT_WITHOUT_APT_CACHE
  • set live-build APT_OPTIONS to APTGETOPT
  • these include --error-on=any and more
  • Added.

live-build - keep generated live-build folder out of source code folder[edit]

  • treat "lb config" as pristine/source code
  • place live-build folder in ~/derivative_binary folder (use already existing variable binary_build_folder_dist)
  • reason: live-build mixes config and binaries inside the same folder

This is how it was done in the past: 

   mkdir --parents "$binary_build_folder_live_build"
   cd "$binary_build_folder_live_build"
  • live-build config is autogenerated at build time now.

fix broken recovery mode[edit]

  • Recent Kicksecure ISOs seem to simply hang during boot when booted in recovery mode. Investigate.
  • Turns out the default kernel in the latest ISO has a broken recovery mode. However, the next kernel update thereafter works without issues. This will therefore resolve itself during regular updates, and the next ISO build should have it fixed.

ARCHIVED[edit]

review root related documentation[edit]

faillock[edit]

security-misc - review pam-configs[edit]

security-misc - faillock - stop reset after reboot[edit]

security-misc - faillock - stop reset after 24 hours[edit]

  • should not be reset after 24 hours
  • no need to automatically reset at all
  • user should always have a chance to learn about failed login attempts
  • this can (likely?) be configured in our already existing configuration file in security-misc
  • Lockout reset is preventable, tally reset cannot be configured out and the largest possible delay between resets that can be set is arbitrarily limited to 7 days.
  • Fixed as much as possible in commit https://github.com/ArrayBolt3/security-misc/commit/690e8dd826d1cb39c0c12c03792781862cc2dd23archive.org

security review[edit]

  • as discussed
  • done, notes shared in chat

live-build - stop installation extraneous packages[edit]

  • dhcp / networking related packages
  • whiptail
  • should not be pulled by live-build
  • if deemed useful packages, needs to be discussed in forums and and done inside the derivative-maker /packages/ folder through Depends:
  • Looks like this is solved, cannot find isc-related packages, ifupdown, or whiptail in my latest build.

live-build - dracut related fixes[edit]

kloak - add support for /dev/input/mice[edit]

  • VM has no /dev/input/mouseX
  • VM has only /dev/input/mice
  • kloak ignores /dev/input/mice.
  • (user reported using a Ubuntu 24.4 VM)
  • kloak only uses /dev/input/eventX devices by design, these are provided by the evdev driver and seem like they should always exist
  • Could not reproduce issue with QEMU using either Kicksecure or Lubuntu 24.04 - /dev/input/eventX devices for mouse always exist, as do individual /dev/input/mouse devices. Need to know what hypervisor was in use to test further

Patrick:

  • asked user about which VM. waiting for reply.
    • probably user error. archiving.

ISO - check git history[edit]

  • check derivative-maker source code git history as it might have useful options
  • Found and extracted lb config command. Commit used was from 2023-07-20, and is the latest live-build commit on that day.

desktop-config-dist package version issue[edit]

  • kicksecure /dists/bookworm-developers/main/binary-amd64/Packages
Package: desktop-config-dist
Version: 3:10.1-1

desktop-config-dist(master)]% git describe              

10.1-1
  • todo: investigate
    • How did an outdated desktop-config-dist version (older than in git) end up in the test ISO? Did it install packages from local repository? Then this issue should be impossible to happen. Or did it test wise use the remote, stable repository? Then this is not surprising. The stable repository often has older versions. These are for the most part only updated once a new stable release has been released.
  • note: updated due to below now
  • The version of the desktop-config-dist package installed on the ISO had contents older than in Git, but the version number was *newer*. This leads me to believe that most likely the machine used to build the ISO had testing code left in derivative-maker/packages/kicksecure/desktop-config-dist or similar.

research chvt security impact[edit]

tirdad - fix[edit]

Security Through Amnesia: A Software-Based Solution to the Cold Boot Attack on Disk Encryption[edit]

wiki improvements related to Open Source hardware and firmware[edit]

e-mail processing[edit]

  • read e-mail on confidential computing, digest, add to wiki (cannot be copied/pasted)
  • Added notes to confidential computing page.

keepassxc org.freedesktop.secrets Linux distribution compatibly feature request[edit]

research enclaive[edit]

research constellation[edit]

research Intel TDX[edit]

ISO - wrong bootloader entry[edit]

ISO - fallback boot loader broken[edit]

  • Similar to above.
  • Ultimately this is not something we can fix until the migration to live-build is done.
    • Debian Live doesn't install with a fallback bootloader enabled *at all* by default, only the Debian-specific path has a bootloader installed to it.
    • Ubuntu installs a special "fix the UEFI NVRAM vars" bootloader under \EFI\BOOT\BOOTX64.EFI but that's Ubuntu-specific it appears.
    • There is an option in Debian that allows always installing the GRUB bootloader to the fallback bootloader path in addition to the normal installation location (https://wiki.debian.org/UEFI#Force_grub-efi_installation_to_the_removable_media_patharchive.org). This option would work great for us, however it requires that grub-efi-amd64 be installed, which requires grub-pc to be uninstalled, which looks like it will probably cause issues on non-UEFI systems.
    • At this point we have to choose to have either slightly broken UEFI, or slightly broken BIOS, there is no middle ground until the live-build migration is complete. However, we may be able to tell Calamares to not install a fallback bootloader of its own anymore since this bootloader doesn't work at all.

ISO - calamares - logo size reduction[edit]

ISO - calamares - encrypt button bug[edit]

ISO - live-config - dist shellprocess_fixconkeys_part[edit]

  • Why is this required? Please report, fix this issue upstream in calamares, if possible. Otherwise, please add a comment to the file in live-config-dist so these files can be removed some day.
  • Reported upstream at https://github.com/calamares/calamares/issues/2383archive.org

research Secure Cloud Hardware[edit]

research AMD Infinity Guard[edit]

tirdad[edit]

tirdad - read history and old discussions[edit]

tirdad - functionality review[edit]

tirdad - backports compatibility[edit]

tirdad - fix code issues[edit]

tirdad - upstream to Linux[edit]

  • please discuss upstream
  • see if it is possible to send a pull request upstream

tirdad - compile time hardening flags review[edit]

  • Any compile time hardening flags that could be set?
  • Setting compile-time flags could be dangerous. Would recommend just sticking with the defaults in the kernel.

tirdad - lwn article review[edit]

  • https://lwn.net/Articles/455270/archive.org
  • something important to know there?
  • Using random 32-bit numbers from the kernel's RNG will avoid any potential security issues like the ones described here.

tirdad - development branch[edit]

  • Please create a development branch that comes with all your PRs merged.
  • This has been completed by Aaron in the rewrite branch.

boot issues debugging[edit]

research AMD TSME[edit]

investigate locale issue[edit]

tirdad[edit]

security review tirdad.c[edit]

hardware security features for RamCrypt[edit]

  • If software-only isn't possible, maybe hardware features such as SGX need to be used.
    • SGX itself does not appear to be useful for us. It allows running security-sensitive code in a secure "box" that nothing else on the system can pry into, but that security-sensitive code is limited in capabilities. It does not appear to be possible to run an entire virtual machine in an SGX enclave.
    • Intel TXT and TME-MK are much better suited for our purposes.
  • todo research: Are there still unpatched security issues in SGX or similar features that could be used for that?
    • It appears known issues are patched in the latest processors. Microcode updates were used to fix some of the issues.

report GTK touchscreen detection bug[edit]

investigate kloak bugs[edit]

research Intel / AMD RAM Encryption[edit]

pKVM research[edit]

  • research if pKVM assumes a locked down host and/or remote attestation (Google SafetyNet)
  • Researched and added to Whonix Dev/cloud page

dracut follow-up[edit]

calamares luks encryption settings ticket[edit]

secure cloud research[edit]

  • move notes from chat to wiki
  • Revamped Confidential VMs section in wiki

RamCrypt + no-fill cache mode[edit]

  • Draft an email for the kernel development mailing list asking about the possibility of 100% RAM encryption, mounting CPU cache as RAM for the 3%.
Subject: Investigating practicality of full memory encryption techniques using frozen cache and TRESOR/RamCrypt

I am currently helping with software development for the Kicksecure and Whonix projects, which are heavily focused on privacy and security. One of the goals we'd like to achieve is making it possible to securely run virtual machines on x86_64-architecture cloud servers in a manner resistant to cold-boot attacks, without relying on technology such as Intel SGX and TDX or AMD SEV that requires trusting CPU-vendor-provided code, keys, etc.

The two main technologies we're looking into for this purpose are TRESOR[1] and RamCrypt[2]. TRESOR is a full disk encryption mechanism that stores all disk encryption keys in CPU registers, such that the key is never[3] stored in RAM. If used on the hardware of a VM host, this would prevent a cold-boot attack from finding the disk encryption key. RamCrypt is a full memory encryption mechanism that uses the same technique as TRESOR to hide an encryption key inside the CPU, using it to transparently encrypt and decrypt the memory of running applications using memory paging techniques. Both of them have working proof-of-concept implementations described in the linked papers. Our hope is to eventually get fully functional, production-ready TRESOR and RamCrypt implementations created and upstreamed into the Linux kernel. For the avoidance of doubt, I am not the author of or a contributor to either TRESOR or RamCrypt.

One issue we have with RamCrypt is that it leaves part of a protected process's memory unencrypted in RAM as necessary. By default, up to four 4k pages of RAM are unencrypted at a time, with new pages being decrypted and older ones being encrypted transparently as needed. This has the serious disadvantage of making a cold-boot attack potentially successful, even if it is statistically unlikely to work. The chances of a successful attack against RamCrypt are non-negligible - the RamCrypt paper shows that a RamCrypt-protected nginx instance left a critical encryption key exposed in RAM 3% of the time in their test scenarios. This is worrying to us, and we're wondering if there is a way to prevent this from being a problem.

Our current hope is to use a cache-as-RAM technique (similar to what is described in the Frozen Cache[4] project) to potentially overcome this limitation. The idea, roughly speaking, is to ensure that protected process memory is only ever present in decrypted form in one of the CPU caches, and is prohibited from ever touching system RAM. When a page of memory is accessed that is encrypted, a previously decrypted page will be encrypted, written to system RAM, then an encrypted page will be decrypted into cache and used. Cache should be approximately as hard to access in a cold-boot attack as registers, thus this would allow a protected process to be immune to cold-boot attacks by never storing any sensitive data decrypted in RAM. It appears that no-fill cache mode could potentially be used for this purpose, though doing so without entirely destroying system performance seems like it would be tricky and probably require dedicating one or more CPU cores to running "protected" software with this modified caching mode.

The high-level end goal is to allow KVM-accelerated QEMU processes to be run encrypted via RamCrypt, with no unencrypted VM memory touching system RAM, and with the physical machine running TRESOR to protect the filesystem on which the VM virtual disks are stored. To begin with, though, it would be useful to know whether it's even possible with Linux's architecture to combine RamCrypt and no-fill cache mode to transparently encrypt a process's memory without exposing it decrypted in RAM. Some advice on how to go about implementing something along these lines would also be welcome, so that we can implement it in a way that is most likely to be accepted into the upstream kernel.

Thanks for taking the time to read this, and have a great day!

[1] https://faui1-files.cs.fau.de/filepool/projects/tresor/tresor.pdf
[2] https://faui1-files.cs.fau.de/filepool/projects/ramcrypt/ramcrypt.pdf
[3] Well, almost never - the key is briefly stored in RAM when read from whatever device provides it, but it is immediately expunged from RAM thereafter.
[4] https://frozencache.blogspot.com/

ISO - Fix encryption checkbox bugs[edit]

ISO - calamares encryption settings[edit]

sudo cryptsetup --verbose --use-random --cipher aes-xts-plain64 --key-size 512 --hash sha512 --use-random luksFormat <device>

  • distribution developers should control most if not all of that line
  • "sudo" - is probably a given since cameras runs as root.
  • "cryptsetup" - maybe a distribution wants to use a wrapper.
  • "--verbose --use-random --cipher aes-xts-plain64 --key-size 512 --hash sha512 --use-random" these are certainly options which a distribution should be able to decide.
  • "luksFormat" -
  • "<device>" - probably provided by calamares through a variable

Based on theoretic considerations only. Since calamares uses a library to use cryptsetup (?) it may not be as simple for a distribution to set these command-line options?

Patrick:

Aaron:

org.freedesktop.secrets implementation[edit]

Cloud virtualization - research RAM-less encryption techniques for disk and RAM encryption[edit]

See https://www.whonix.org/wiki/Dev/cloud#Confidential_VMsarchive.org

live-build dracut test[edit]

ISO - error message during boot: mount: /sysroot: special device LiveOS_rootfs does not exist[edit]

unbootable system after installing dracut on a standard Debian installation[edit]

grub-live with 90overlayfs[edit]

## dracut support
## https://www.kicksecure.com/wiki/Grub-live#Developer_Information
##
## using Debian forked upstream module 90overlay-root (tested)
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX rootovl"

Comment out. 

## using dracut upstream module 90overlayfs (untested)
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX rd.live.overlay.overlayfs=1 rd.live.overlay.readonly=1"

Comment in. Test. Fix if required. Report issues upstream to dracut.

If there are bookworm related issues, please test on trixie.

No backport required. The rationale of this task if to get away from Debian (fork) specific 90overlay-root to 90overlayfs one day. trixie is early enough since there are no major issues in the current implementation but might be in trixie if we don't port.

This works on Trixie - generate an initrd with the overlayfs module added, then boot with rd.live.overlay.overlayfs=1 on the kernel command line. The rd.live.overlay.readonly=1 parameter is unnecessary and should be removed - it's for systems where you have an immutable base filesystem and a persistent overlay, and you want to make the overlay read-only, putting another overlay on top of it.

This does not work on Bookworm - the overlayfs module script is simply not run despite being present. It's possible to drop to a rescue shell using rd.break=mount on the kernel command line, then run the script manually - this works, but is obviously not practical.

comment: Boot Existing, Usual Linux Installation from Hard Disk in Live Mode / read-only mode with dracut #1565archive.org

dracut - test dracut without systemd[edit]

kloak - memory leaks[edit]

  • chatgpt suggests...
    • struct entry in main loop might not be freed
    • n1 = malloc(sizeof(struct entry));
    • please check for other variables (specifically in main loop) which might not be freed
  • Double-checked just in case, this had been previously checked in my own ChatGPT code review and doesn't appear to be a problem. Entry items are created and stored temporarily in *n1, then queued. Those items are later assigned to the np variable and then freed in the event release loop (free(np)). The only edge case where I can see this going wrong is if kloak gets stuck and stops delivering events, which would also freeze the keyboard and make the user very likely to immediately termiante kloak.
  • The other variable which ChatGPT warned me of is pfds, which is very clearly freed when the loop exits, needed throughout the loop's entire lifetime, and which will be automatically freed if the loop is terminated since terminating the loop terminates the whole program.

kloak - Qubes support - read and comment in Qubes kloak in dom0 ticket[edit]

ISO - must choose encrypt vs not encrypt. Empty default setting[edit]

kloak - update readme[edit]

kloak - fix debug symbols[edit]

W: kloak-dbgsym: debug-file-with-no-debug-symbols [usr/lib/debug/.build-id/3a/ae8c705abefbd590d2206221eea4c2abd90cf4.debug][edit]

N: 
N:   The binary is installed as a detached "debug symbols" ELF file, but it
N:   does not appear to have debug information associated with it.
N:   
N:   A common cause is not passing -g to GCC when compiling.
N:   
N:   Implementation detail: Lintian checks for the ".debug_line" and the
N:   ".debug_str" sections. If either of these are present, the binary is
N:   assumed to contain debug information.
N: 
N:   Please refer to Bug#668437 for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: binaries/debug-symbols/detached
N: 
N:

read Dev bash wiki page[edit]

  • https://www.kicksecure.com/wiki/Dev/basharchive.org
  • might be already known, just in case
  • checked it, bookmarked it, some of the issues mentioned there were things I hadn't thought of before (like echo '-e' failing or security risks from failing to use -- to signal end of options)

haveged test suite passes even if only 1s are produced?[edit]

oomd[edit]

ISO - Install to system desktop icon: maximize window[edit]

gpg sign all your future git commits[edit]

add gpg key to your github[edit]

Add python3 dependency to mediawiki-shell package[edit]

  • Lintian error during build of Kicksecure ISO from derivative-maker commit 8fa4ba76: "E: mediawiki-shell: python3-script-but-no-python3-dep /usr/bin/python3 (does not satisfy python3:any | python3-minimal:any) [usr/bin/mw-urlencode]"

seccomp debugging documentation[edit]

copy notes on seecmop debugging from https://github.com/Whonix/kloak/pull/1archive.org to https://www.kicksecure.com/wiki/Seccomparchive.org

(so in the future when this is happening, we can link to the documentation so users get an idea how to debug and fix this)

just briefly similar to the pull request

autostart systemd user unit xdg-desktop-portal[edit]

kloak - add configuration option to disable rescue key[edit]

  • user reported that some hotkeys aren't functional due to kloak rescue key.
  • suggested solution, feature request: allow rescue key to be disabled thorough configuration
  • a command line option + systemd unit drop-in configuration file?
  • example systemd unit drop-in configuration: https://github.com/vmonaco/kloak/issues/75#issuecomment-2196543109archive.org

kloak - testing[edit]

kloak - document rescue key[edit]

kloak - makefile fix[edit]

  • Makefile should check if pkg-config exist because otherwise it fails with libevdev error?

kloak - verbose log sharing[edit]

Documentation is currently stating:

Warning: Privacy implications of log sharing are unknown!

Might verbose log reveal the typing fingerprint of the user?

kloak - mouse click obfuscation[edit]

kloak - xrdp support[edit]

kloak development[edit]

backlog - one day[edit]

rootless X11[edit]

  • only if doable with low effort such as just changing some configs (such as in lightdm config) or changing some installed packages
  • Would require switching away from LightDM or enabling rootless X11 support in LightDM, thus moving to backlog.

power9 RAM encryption research[edit]

  • todo

auto-detect, prompt for potential root devices in case the root= device is misconfigured or missing[edit]

dracut add support for undeclared CDLABEL[edit]

as discussed

live-build - Retry button in derivative-maker doesn't work[edit]

  • low priority, move to backlog please

Footnotes[edit]

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!

Retrieved from "https://www.kicksecure.com/w/index.php?title=Dev/todo&oldid=87587"