TrenchBoot – improving boot security and integrity – Exploring the Various Boot Options and Kernels in Oracle Linux

TrenchBoot – improving boot security and integrity

TrenchBoot is a GitHub cross-community and cross-platform framework integration that grew from an idea by Apertus Solutions that originated in 2014 to deal with the limitations of using tboot to launch Xen for the OpenXT project and other contributors, such as Oracle (Intel), 3mdep (AMD), and Citrix (https://github.com/TrenchBoot). Its primary purpose is to expand the mechanism of security and the integrity of the boot process by using a standard and unified approach (between Xen, KVM, Linux, BSDs, and potentially proprietary kernels). A common location where you will see this being used is Oracle Cloud’s shielded instances.

Getting ready

One of the main capabilities of TrenchBoot is securely launching Linux. This feature enables the Linux kernel to be dynamically launched by AMD and Intel by introducing an intermediate phase to the boot launch. Unlike traditional first-launch scenarios, such as the bootstrap phase used by open source dynamic launch tools such as XMHF, OSLO, OpenText Secure Boot, and tboot, TrenchBoot provides the ability to launch kernel upgrades through a key exec. You could then launch an integrity kernel that could dynamically inspect the system and establish the integrity of the platform before persisting everything to a diskless embedded environment during a shutdown. Note that the newly introduced intermediate phase includes an intermediate loader called TrenchBoot Loader that various bootstrap solutions can launch. TrenchBoot Loader contains the TrenchBoot Security Engine, which implements integrity processing. Please refer to the following diagram:

Figure 3.17 – TrenchBoot process overview

Oracle has added more TrenchBoot support to the Oracle Linux kernel to enable a Secure Boot protocol for the Linux kernel for multiple use cases, such as two-factor authentication (2FA) for laptops or crowdsourcing integrity handling; this option is the best choice.

Note

You can see some of Oracle’s efforts by reading the kernel.org archive at https://lore.kernel.org/lkml/[email protected]/.

How it works…

The TrenchBoot Loader is composed of well-known components such as Linux and u-root. Let’s take a closer look at the main components within it:

  • A TrenchBoot-enabled kernel with integrated TrenchBoot u-root initramfs
  • Integrated TrenchBoot Security Engine as an extension to u-root
  • A new image that can be launched by the boot loader

This build process is shown in the following diagram:

Figure 3.18 – TrenchBoot image process

The main benefits of using TrenchBoot are as follows:

  • Secure boot: TrenchBoot provides a Secure Boot process that ensures that only trusted software is executed on the system. This prevents the execution of malicious software that could compromise the system.
  • Runtime integrity: TrenchBoot ensures that the system remains secure even after booting by verifying the integrity of the software and data at runtime. It uses technologies such as Intel SGX and AMD SEV to provide hardware-based isolation and attestation.
  • Protection against attacks: TrenchBoot provides protection against various types of attacks, including firmware attacks, malware, and kernel rootkits.
  • Platform-agnostic: TrenchBoot is platform-agnostic and can be used on different hardware platforms, including x86, Arm, and RISC-V.
  • Open source: TrenchBoot is an open source project, which means that anyone can inspect the code and contribute to its development. This makes TrenchBoot more transparent and trustworthy.

Leave a Reply

Your email address will not be published. Required fields are marked *

All Rights Reserved 2022-2024