Comment by snailmailstare
3 months ago
>> we can confuse the initrd into executing a malicious init executable.
This hash-the-next-link method is always as flawed as the weakest link.
3 months ago
Of course. The typical Linux initrd is also too complicated. It should be doing this, and nothing else:
- There's an executable called /init; link it statically with everything it needs.
- Load kernel modules from a list (hardcoded at build time; optional if you include common modules in the generic kernel).
- Mount the root filesystem (hardcoded at build time) and pivot.
- execve("/sbin/init", ...)
I've built a PoC in pure Go that does all of this; the resulting initrd was ~2.5MB plus kernel modules. I simply moved all the boot-time complexity to build-time. It doesn't do LUKS or TPM yet, but that's also further down the roadmap.
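A minimal /init in Go along the lines of those four steps, written here as an added example (it is not the commenter's PoC): the module list, root device and init path are compile-time constants, and the process only loads modules, mounts, pivots and execs. It assumes x86-64 Linux, that the initramfs cpio already carries the /dev/vda1 node and an empty /newroot directory, and that the constructed module paths exist in the image.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
	"unsafe"
)

// Build-time policy, constructed for this example; a real build would generate this
// file. Nothing is parsed from disk at boot, so nothing on disk can redirect /init.
const rootDev, rootFS, realInit = "/dev/vda1", "ext4", "/sbin/init" // assumed values
var modules = []string{"/lib/modules/virtio_blk.ko", "/lib/modules/ext4.ko"} // dependency order

// loadModule wraps finit_module(2) (syscall 313 on x86-64; other arches differ) on an opened .ko.
func loadModule(path string) error {
	f, err := os.Open(path)
	if err != nil {
		return err
	}
	defer f.Close()
	params := []byte{0} // empty NUL-terminated module parameter string
	if _, _, e := syscall.Syscall(313, f.Fd(), uintptr(unsafe.Pointer(&params[0])), 0); e != 0 {
		return fmt.Errorf("finit_module %s: %v", path, e)
	}
	return nil
}

// run is the whole of /init: load modules, mount root, pivot, exec. Nothing else.
func run() error {
	if os.Getpid() != 1 {
		return fmt.Errorf("refusing to run: not PID 1")
	}
	for _, m := range modules {
		if err := loadModule(m); err != nil {
			return err
		}
	}
	steps := []func() error{
		func() error { return syscall.Mount(rootDev, "/newroot", rootFS, syscall.MS_RDONLY, "") },
		func() error { return os.Chdir("/newroot") },
		func() error { return syscall.PivotRoot(".", ".") },              // idiom from pivot_root(2)
		func() error { return syscall.Unmount(".", syscall.MNT_DETACH) }, // detach old initramfs root
	}
	for i, s := range steps {
		if err := s(); err != nil {
			return fmt.Errorf("step %d: %w", i, err)
		}
	}
	return syscall.Exec(realInit, []string{realInit}, os.Environ())
}

// run only returns on failure (a successful exec replaces the process), so panic is correct here.
func main() { panic(run()) }
```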
OpenBSD went a step further and crammed FDE decryption into the bootloader. It doesn't do TPM, but simple is simple.
Do you have that on github or gitlab?
I'd love to contribute, as I've also been working on something like this for the last couple of weeks.