Oracle has released a new secure-boot version of its Linux, but the release is attracting criticism that it's not actually secure.
The issue, according to a series of Tweets by Linux engineer Matthew Garrett, is that Oracle's Unbreakable Enterprise Kernel (UEK) supports kexec_load(), the system call that lets a running kernel hand off to a replacement kernel image without any firmware signature check, and is signed with the same key as the kernel Oracle builds from the Red Hat sources. Because the firmware cannot tell the two apart, the weaker kernel can stand in for the stronger one.
Rather than death-by-paraphrasing, Garrett's Tweet stream is below.
The only kernel Oracle supply with any meaningful security is the one that's just a direct copy of the Red Hat kernel source — Matthew Garrett (@mjg59) March 13, 2015
Both the broken UEK kernel and the good Red Hat clone kernel are signed with the same key — Matthew Garrett (@mjg59) March 13, 2015
So you can just replace the good kernel with the broken kernel, own the system and then kexec() into a backdoored good kernel — Matthew Garrett (@mjg59) March 13, 2015
The really fun thing is that Oracle called their signing key "oracle301". Because the RH one ends 301. Because that was its serial number. — Matthew Garrett (@mjg59) March 14, 2015
The Secure Boot support is meant to ensure that there's a chain of trust in the boot process, as described by Oracle SVP for Linux and Virtualisation Engineering Wim Coekarts here.
“When the firmware loads the boot loader, it verifies/checks the signature of this bootloader with the key stored in firmware before continuing”, Coekarts writes. That describes only the first link of the chain: the firmware checks the boot loader, and the boot loader is expected to check the kernel the same way. The chain only holds if every verified component then refuses to load unverified code after it, which is exactly what Garrett says the UEK fails to do through kexec_load(). If his criticism is accurate, there is a serious hole in the process.
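The checks a practitioner would run on a host to see whether the kexec_load() hole Garrett describes is open, as an added example that is not from the article, from Oracle or from Garrett. It assumes a Linux host with /proc and /sys mounted and, optionally, sbverify from sbsigntools to print which certificate signed the installed kernel. The file paths are parameters so the checks can be exercised against constructed files; `kexec_load_disabled` is the kernel 3.14 sysctl that was the relevant knob at the time of the article, and `/sys/kernel/security/lockdown` (kernel 5.4 and later) is where the same restriction lives on current kernels.

```shell
#!/bin/sh
# Added example, not the article's or Oracle's code: audit whether this host
# still accepts an unverified kexec_load() while Secure Boot is on.
# Assumed paths are the standard ones; each function accepts an override so
# the logic can be tested against constructed files.

# kexec_load_disabled=1 refuses the unverified kexec_load() syscall until
# reboot (the sysctl is one-way). Returns 0 when kexec_load is refused.
kexec_load_blocked() {
    f="${1:-/proc/sys/kernel/kexec_load_disabled}"
    [ -r "$f" ] || return 1
    [ "$(tr -d '[:space:]' < "$f")" = "1" ]
}

# Kernel lockdown shows the active mode in brackets, e.g.
# "none [integrity] confidentiality". Both integrity and confidentiality
# refuse unverified kexec_load(). Prints the mode; returns 0 if it is one
# of those two, 1 otherwise (including when the interface is absent).
lockdown_mode() {
    f="${1:-/sys/kernel/security/lockdown}"
    [ -r "$f" ] || { echo none; return 1; }
    mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$f")
    echo "${mode:-none}"
    case "$mode" in
        integrity|confidentiality) return 0 ;;
        *) return 1 ;;
    esac
}

# The SecureBoot EFI variable as exposed by efivarfs is 4 attribute bytes
# followed by a single value byte. Returns 0 when that byte is 1.
secure_boot_enabled() {
    f="${1:-$(ls /sys/firmware/efi/efivars/SecureBoot-* 2>/dev/null | head -n1)}"
    [ -n "$f" ] && [ -r "$f" ] || return 1
    val=$(od -An -t u1 -j4 -N1 "$f" 2>/dev/null | tr -d ' ')
    [ "$val" = "1" ]
}

# Prints the subject of the certificate(s) that signed the kernel image, so
# you can see which key the firmware will accept it under. Needs sbverify.
kernel_signer() {
    img="${1:-/boot/vmlinuz-$(uname -r)}"
    command -v sbverify >/dev/null 2>&1 || { echo "sbverify not installed"; return 2; }
    sbverify --list "$img" 2>/dev/null | grep -i 'subject'
}

# Full report. Returns 0 only when Secure Boot is on AND the kernel refuses
# unverified kexec_load() by at least one of the two mechanisms.
audit() {
    sb=1; kx=1
    secure_boot_enabled && sb=0
    echo "Secure Boot enabled:        $([ $sb -eq 0 ] && echo yes || echo no)"
    kexec_load_blocked && kx=0
    echo "kexec_load_disabled=1:      $([ $kx -eq 0 ] && echo yes || echo no)"
    ld=$(lockdown_mode) && kx=0
    echo "lockdown mode:              $ld"
    echo "kernel image signer:"
    kernel_signer | sed 's/^/    /'
    [ $sb -eq 0 ] && [ $kx -eq 0 ]
}

# Run the report when invoked as "sh kexec_audit.sh audit"; sourcing the
# file only defines the functions.
if [ "${1:-}" = "audit" ]; then
    audit
fi
```

The signer check only tells you which certificate the firmware trusts the image under; as Garrett's point shows, two kernels of very different quality can share that certificate, so the host-side defence is the kexec restriction, not the signature. A kernel that passes Secure Boot but reports neither `kexec_load_disabled=1` nor an integrity or confidentiality lockdown mode can be kexec'd into anything at all once an attacker has root.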
The Register has asked Oracle for comment on the issues raised by Garrett in his Tweets. ®