On Tue, Jun 28, 2022 at 08:27:16PM +0100, David Howells wrote:
> Sharpened Blade via devel <devel@lists.fedoraproject.org> wrote:
>> It would be stored with permissions for only root to read it, and your disk should be encrypted, or none of this matters.
>
> It doesn't matter if your disk is encrypted. Whilst your computer is online, the contents are accessible. If your kernel memory is accessible through /dev/mem or /dev/kmem, there's a chance that your keys can just be read directly.

If one can read /dev/mem, he can edit any executable or PAM configuration, in memory or on a disk, to assure permanent access or to steal any data existing right now.

There is a little benefit of stealing private keys if you have all data available right now. The only benefit is future off-line attacks by being able to sign data of your choice. E.g. if you are Microsoft which signs shim so that Fedora can actually boot on Secure Boot-enabled devices.

> One of the things secure boot can do is lock down *read* access to your raw memory/kernel virtual memory to make it harder for someone to steal your secrets. It's not as secure as using a TPM ought to be, though.

You don't need a secure boot for that. Simply compile your kernel with CONFIG_STRICT_DEVMEM=y or CONFIG_DEVMEM=n or any similar hardening option.
-- Petr
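
The build options named in the message above can be audited from a kernel config file. The following is an added example, not part of the original thread: the function names and the sample configs are constructed for illustration, and CONFIG_IO_STRICT_DEVMEM and CONFIG_DEVKMEM are related kernel options that the message does not mention.

```shell
#!/bin/sh
# Classify how a kernel build config exposes /dev/mem and /dev/kmem.

# cfg_on FILE OPTION: succeed if OPTION is built in (=y) in FILE.
cfg_on() { grep -q "^$2=y\$" "$1"; }

# devmem_status FILE
# Prints "mem=<absent|open|strict|io-strict> kmem=<absent|present>".
# Returns 0 if no device node exposes system RAM, 1 if one does,
# 2 if FILE cannot be read.
devmem_status() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    if ! cfg_on "$cfg" CONFIG_DEVMEM; then
        mem=absent        # CONFIG_DEVMEM=n: no /dev/mem node at all
    elif ! cfg_on "$cfg" CONFIG_STRICT_DEVMEM; then
        mem=open          # root can read system RAM through /dev/mem
    elif cfg_on "$cfg" CONFIG_IO_STRICT_DEVMEM; then
        mem=io-strict     # RAM filtered, plus I/O ranges claimed by drivers
    else
        mem=strict        # CONFIG_STRICT_DEVMEM=y: system RAM filtered
    fi
    # Kernels that no longer have the DEVKMEM option simply lack the line.
    if cfg_on "$cfg" CONFIG_DEVKMEM; then kmem=present; else kmem=absent; fi
    echo "mem=$mem kmem=$kmem"
    [ "$mem" != open ] && [ "$kmem" = absent ]
}

# Constructed sample configs (not taken from any real distribution kernel).
sample_config() {
    case $1 in
        hardened) printf '%s\n' '# CONFIG_DEVMEM is not set' \
                                '# CONFIG_DEVKMEM is not set' ;;
        strict)   printf '%s\n' 'CONFIG_DEVMEM=y' 'CONFIG_STRICT_DEVMEM=y' \
                                '# CONFIG_IO_STRICT_DEVMEM is not set' ;;
        legacy)   printf '%s\n' 'CONFIG_DEVMEM=y' 'CONFIG_DEVKMEM=y' \
                                '# CONFIG_STRICT_DEVMEM is not set' ;;
    esac
}

# Classify every constructed sample and print one line per sample.
demo() {
    tmp=$(mktemp) || return 2
    for name in hardened strict legacy; do
        sample_config "$name" > "$tmp"
        printf '%-9s %s\n' "$name" "$(devmem_status "$tmp")"
    done
    rm -f "$tmp"
}

# With a path argument, audit that config file; otherwise run the demo.
if [ $# -gt 0 ]; then devmem_status "$1"; else demo; fi
```

To audit a host, pass the path of its kernel config file (commonly /boot/config-$(uname -r)); the result reflects build-time options only.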