limine icon indicating copy to clipboard operation
limine copied to clipboard

Published 20 hours ago verified publisher icon limine-bootloader

Add password autentication for local entries

Open Loara opened this issue 1 year ago • 9 comments

Linux and Windows operating systems already have an authentication mechanism to prevent unauthorized access to system resources. However a sysadmin might add another protection layer against unauthorized accesses to some entries (for example you want an user to access only some entries and not others like a signed unrestricted UEFI Shell or unstable Linux kernels).

You could add a PASSWD_HASH option in the configuration files that holds a password-hash with salting (for example yescrypt which is already in libxcrypt) and a PASSWD_DELAY option to add a minimum delay after a wrong password.

Another possible feature would be a fail-lock mechanisms that prevents any entry to boot after a configured number of failed attempts held in a configuration record like PASSWD_FAILLOCK.

Loara avatar Dec 28 '23 12:12 Loara

You could add a PASSWD_HASH option in the configuration files that holds a password-hash with salting (for example yescrypt which is already in libxcrypt) and a PASSWD_DELAY option to add a minimum delay after a wrong password

That is a really weak security measure. If limine refuses to boot something, I can still do it outside of limine.

kovmir avatar Apr 11 '24 16:04 kovmir

Obviously this feature is meaningful only when SecureBoot is enabled and with BIOS locked.

Loara avatar Apr 21 '24 18:04 Loara

Boot menu is only (is it not?) about having physical access. If I have physical access, I can take the drive out or reset BIOS (UEFI) password.

kovmir avatar Apr 22 '24 05:04 kovmir

Still, if your root is unencrypted, dosent that password on the boot menu mean jack shit when someone who is trying to get your data can just open the computer, grab the drive and run? Thus with standard forensics tools, you can just get whatever you want. Encrypted root, No acess without your password. And at that point, theyre gonna come extort the password out of you. See relevant xkcd

GitBassador avatar Apr 22 '24 05:04 GitBassador

It depends, it could be a PC shared among many people and you want only the system administrator to access the UEFI shell for maintenance and avoid unpracticed people to gain access to it.

Clearly this doesn't prevent you to steal the drive and access it, but the main point to have boot entries locked behind a password is to prevent inexperienced people to inadvertently cause troubles to everyone.

Loara avatar Apr 22 '24 06:04 Loara

to prevent inexperienced people to inadvertently cause troubles to everyone.

Operating systems provide authentication methods to prevent unwanted access.

kovmir avatar May 20 '24 10:05 kovmir

to prevent inexperienced people to inadvertently cause troubles to everyone.

Operating systems provide authentication methods to prevent unwanted access.

EFI shells doesn't have any authentication method. Moreover, Linux kernel can be booted with different kernel parameters and you can't prevent an user to boot only one of specified kernel but not the others without creating a new partition with different users.

Loara avatar May 21 '24 07:05 Loara

Just set EDITOR_ENABLED or other flags you want off to no in the configuration. Relevant config flags list: https://github.com/limine-bootloader/limine/blob/v7.x/CONFIG.md

GitBassador avatar May 21 '24 07:05 GitBassador

EFI shells doesn't have any authentication method. Moreover, Linux kernel can be booted with different kernel parameters

You were talking about inexperienced people to inadvertently cause troubles to everyone.

kovmir avatar May 22 '24 07:05 kovmir

Yeah, I don't think this would ever make it upstream, sorry. Closing.

mintsuki avatar Aug 04 '24 18:08 mintsuki