Bug#960195: marked as done (linux-image-5.6.0-1-amd64: Please enable CONFIG_INTEL_TXT=y)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Thu, 17 Dec 2020 12:00:09 +0000
with message-id <E1kprx3-0008yY-Tv@fasolo.debian.org>
and subject line Bug#960195: fixed in linux 5.10.1-1~exp1
has caused the Debian Bug report #960195,
regarding linux-image-5.6.0-1-amd64: Please enable CONFIG_INTEL_TXT=y
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
960195: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960195
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: linux-image-5.6.0-1-amd64: Please enable CONFIG_INTEL_TXT=y
• From: Timo Lindfors <timo.lindfors@iki.fi>
• Date: Sun, 10 May 2020 17:00:08 +0300 (EEST)
• Message-id: <alpine.DEB.2.20.2005101651380.5531@mail.home>

Package: src:linux
Version: 5.6.7-1
Severity: wishlist

Hi,

can you please enable CONFIG_INTEL_TXT=y on x86? I am in the process
of packaging tboot for Debian (#803180) and it would be nice if users
would not need to rebuild their kernels for this.

I have used Debian kernels rebuilt with CONFIG_INTEL_TXT=y on both
servers and laptops for around three years now without noticing any
drawbacks at all.

Here's a work-in-progress README.Debian file for tboot that might give
you some perspective on how tboot is used.


tboot for Debian
---------------

Background
----------

Trusted computing is a broad and complex topic but here is a short
summary on how tboot fits to the picture.

There are two main ways of performing measured boot. In SRTM (Static
Root of Trust Measurement) each component measures the subsequent
component in the boot chain to the TPM chip. The TPM chip cannot stop
the boot process but you can store secrets (e.g. disk encryption keys)
to the TPM such that they can only be accessed if the TPM has observed
unmodified measurements of the boot chain.

In DRTM (Dynamic Root of Trust Measurement) a special CPU instruction
(SENTER) is used to enter a measured launch environment that cannot be
affected by the software that was running earlier during the boot
process. Similarly to SRTM this environment is measured to the
TPM. The main benefit of DRTM is that bugs in your BIOS or boot loader
cannot be used to send fake measurements to the TPM. The main
drawbacks are that it requires a CPU that supports the SENTER
instruction and that it is vulnerable to malicious code running in SMM
(System Management Mode) or ME (Management Engine).

It is possible to combine SRTM and DRTM. It is also possible to use
them together with Secure Boot to prevent loading untrusted code.

The tpm.mod module in the Debian package grub-efi-amd64-bin can be
used for SRTM. This package can be used for DRTM.

AMD has its own instruction for DRTM, called SKINIT, but tboot does
not support it at the moment.

Getting started
---------------

If you want to boot Linux with tboot you need a kernel built with
CONFIG_INTEL_TXT=y. Currently Debian kernels are not built with this
option so you need to rebuild the kernel. One way to do that is as
follows:

1) $ sudo apt-get install devscripts
2) $ apt-get source linux
3) Edit debian/config/config and add CONFIG_INTEL_TXT=y
4) Edit debian/config/defines and add "+txt.1" to abiname. If you
   don't need real-time kernels and want to save build-time you can also
   set "enabled: false" for featureset-rt_base
5) $ dch -i
6) Add "+txt.1" to the version number and save the file.
7) $ sudo apt-get build-dep linux

8) $ env DEB_BUILD_OPTIONS="parallel=$(nproc)" dpkg-buildpackage -rfakeroot -us -uc

9) Run the previous command again since it intentionally fails on the
   first run. The build should take around 2-3 hours.

Note that you also either need to specify the boot option
intel_iommu=on or use a kernel that has
CONFIG_INTEL_IOMMU_DEFAULT_ON=y set.

The boot firmware should provide the ACMs (authenticated code modules)
needed for Intel TXT to function. If the boot firmware does not do
this then it might still be possible to use TXT if tboot loads the ACM
modules from the filesystem. These ACM modules are non-free and not
recommended. For more information, see for example
https://doc.coreboot.org/security/intel/acm.html

Common misconfigurations
------------------------

This package does not provide a complete solution for e.g. TPM-based
disk encryption. However, regardless of what solution you end up using
you should make sure that it avoids at least the following common
misconfigurations:

1) If you use a normal Debian initramfs you can easily get a root
   shell without affecting TPM measurements e.g. by disconnecting the
   hard disk during the boot process. One way to solve this issue is
   to use the boot parameter panic=86400.

2) If you use LVM inside your encrypted LUKS volume it is possible to
   trick LVM into activating an LVM PV from unencrypted media. If you
   provide your own /sbin/init on that media you can execute arbitrary
   code as root. One way to solve this to use e.g.

   filter = [ "a|/dev/mapper/md1_crypt|" ]

   in /etc/lvm/lvm.conf.

3) If you use an UUID or GUID to find the root partition an attacker
   can similarly trick the boot process into running their own
   /sbin/init. The default configuration in Debian with LVM on LUKS
   avoids this issue by specifying the boot parameter
   root=/dev/mapper/HOSTNAME--vg-root.

4) It is possible to trick systemd-gpt-auto-generator into activating
   an unencrypted swap device and mounting an unencrypted /srv
   partition. This can lead into arbitrary code execution.  One way to
   solve this problem is to use the boot parameter
   systemd.gpt_auto=no.

5) An attacker can tamper with the files that are stored on the
   unencrypted /boot partition. If you support automatic updates with
   forward-sealing of data for new package versions there is a risk
   that you might seal data for tampered system files. A solution is
   to carefully verify the integrity of files used for measurements
   and to force any generated files to be regenerated. One way to
   implement this is to use the following commands:

   (cd / && grep -h " boot/" /var/lib/dpkg/info/*md5sums | md5sum -c)
   update-initramfs -k all -d
   update-initramfs -k all -c
   update-grub2




-Timo

--- End Message ---

--- Begin Message ---

• To: 960195-close@bugs.debian.org
• Subject: Bug#960195: fixed in linux 5.10.1-1~exp1
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Thu, 17 Dec 2020 12:00:09 +0000
• Message-id: <E1kprx3-0008yY-Tv@fasolo.debian.org>
• Reply-to: Salvatore Bonaccorso <carnil@debian.org>

Source: linux
Source-Version: 5.10.1-1~exp1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 960195@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Dec 2020 10:06:31 +0100
Source: linux
Architecture: source
Version: 5.10.1-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 898446 960195 973870 975572
Changes:
 linux (5.10.1-1~exp1) experimental; urgency=medium
 .
   * New upstream release: https://kernelnewbies.org/Linux_5.10
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.1
 .
   [ Salvatore Bonaccorso ]
   * [rt] Update to 5.10-rt17
 .
   [ Ben Hutchings ]
   * userns: Enable unprivileged user namespaces by default (Closes: #898446)
     (sysctl: kernel.unprivileged_userns_clone)
 .
   [ Bastian Blank ]
   * Enable all Industrial I/O accelerometers. (closes: #975572)
   * Enable all Industrial I/O ADC.
   * Enable all Industrial I/O DAC.
   * Enable all Industrial I/O digital gyroscopes.
   * Enable all Industrial I/O IMU.
   * Enable all Industrial I/O light sensors.
   * Enable all Industrial I/O magnetometers.
   * Enable all Industrial I/O pressure sensors.
   * Enable all Industrial I/O proximity sensors.
   * Enable all Industrial I/O temperatur sensors.
   * Enable BT_LEDS.
   * Enable remaining LEDS_TRIGGER_*.
   * Enable ZONEFS_FS.
   * Gemerate BTF debug info: (closes: #973870)
     - Enable DEBUG_INFO_BTF.
     - Build-depend on dwarves.
   * [amd64] Support high CPU counts:
     - Set MAXSMP.
     - Remove not longer modifiable NR_CPUS.
   * [armel/marvell] Disable uncompressed size check.
   * [x86] Enable INTEL_TXT. (closes: #960195)
Checksums-Sha1:
 f414f580462d3f89634b6bb6ea91b9659da7dbe0 203922 linux_5.10.1-1~exp1.dsc
 e0bbd79565bcc5549b68078207dc1a3be34a8480 121433136 linux_5.10.1.orig.tar.xz
 3631699e412f1ad4251b14f3975d13283a1c8c86 1272056 linux_5.10.1-1~exp1.debian.tar.xz
 003e639db01905843a17f0c6312593c2b67b1546 7339 linux_5.10.1-1~exp1_source.buildinfo
Checksums-Sha256:
 78d8a96c1dad9cf2e12d46d25bc9713873ce7bf77b6c88d198dc9285081e1a8d 203922 linux_5.10.1-1~exp1.dsc
 5452ac49ebd6a09465d3331deb3e79358c48081019303d92f2e7f8f1f924ca14 121433136 linux_5.10.1.orig.tar.xz
 355d08d3e67dae8c0b252c407362ee518316ab8a2733302056bc10b1bee2bfbb 1272056 linux_5.10.1-1~exp1.debian.tar.xz
 0d89ca63ffaa6d5e077ca1bc8e55fa9df1751df2d8d05f94b7e5d2f932ffe003 7339 linux_5.10.1-1~exp1_source.buildinfo
Files:
 53eefcd401478621ddf90878cbb2c2c9 203922 kernel optional linux_5.10.1-1~exp1.dsc
 bae658b8a6124c57a1f156f58d1b42ef 121433136 kernel optional linux_5.10.1.orig.tar.xz
 a0f05b3ab5e7549ef32eff28b38afae9 1272056 kernel optional linux_5.10.1-1~exp1.debian.tar.xz
 8773243ec27326864cb6c9b51bdfc4d3 7339 kernel optional linux_5.10.1-1~exp1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/bH+lfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EkCsP/0Y0xfn1zMKznXnPMlwnQPplW22XDZOd
HIzxTB7ggho/gN+pM2TF1JQPVtwEdAVkaIvwDOsJ73pCukJVDLidzdM8KHdspSwc
ZuvVr45Bjes8umIQcjfqlwRve9bpHf7FfjKFU9oVoBI4iZLpgiJeQOIvaglTy2+N
YqX6xGnm55KHE25RxZ14ZzxcRNeVBIldwe0de2hHMLW4py8qZaiUFbZVE3mAfrSq
eK9ltIlDn5qU2NFCYXtYoPgOIreGoTH3eIHD0iFaGHWKMhGb75q8K5osyQxDeslr
zg/aLlrEVnoBhBVI8ymnlXd4rCwlSaIIQs+OMGgfrEFUMwygx8Z6Fs7VFPbwCVqB
7xk/2aAnpbSZdkYbFk6ijbKN5Yu3/5Ak4AX3XirN6holt+n+RUuqNbsnXstXj/i1
937AhlraoPDGbVPQoRXlJ2gnwx8N89iLHCtTB+aGN9n5zHnbU07UA/Gcnh5qTZou
M7yOQk9Lhe68XKIlY6VRLtN6CwFKLVVZZiexCfxiEsscT4FIRO5iFL+Vk/UXjZNB
9ECk6lcxPwKgYMpCmMmP4YPy4M2QtDENjY3BZfsh3P6zOvs3MkQ2kjJwVCU4SmAZ
foKnIHpUgbwUrMmr6muOBtcNQvwQzzYZVxcsEjVZO6DguvlvKg/Cnp2CTxYrq+rv
D5fGXDzbXw/8
=ErTu
-----END PGP SIGNATURE-----

--- End Message ---