Dan Callaghan

Linux.conf.au 2020: day five

The fifth and final day of Linux.conf.au 2020. You can read my notes from days one, two, three, and four as well.

Out of the sausage factory and into the streets: defending digital rights – Lizzie O’Shea

A disheartening first-hand account of the efforts to stop Australia’s latest warrantless surveillance legislation, the Assistance and Access Act. It is “warrantless”, contrary to its supporters claims, because it allows surveillance based on a warrant or authorization, where the authorization can be issued by a government agency without judicial oversight. Lizzie explains that Australia is a perfect guinea pig for Five Eyes spy agencies to experiment with surveillance legislation because we have no bill of rights protecting civil liberties. “In seeking to break encryption, the government is prioritising the interests of [spy] agencies over the citizens they’re supposed to protect.”

The saddest part of the story is that Labor was convinced to pass the legislation by some last minute horse trading. They were expected to roll it back after they won the “unlosable” election in 2019 which they went on to lose.

TPM-based attestation: how can we use it for good? – Matthew Garrett

Matthew starts with a quick overview of the capabilities of TPM chips, and how we can use those to prove that a certain computer is the computer it claims to be, in a large-scale automated way, which is something he works on for Google.

But this talk is instead about techniques we can use to verify that our own computer hasn’t been tampered with every time we use it. One piece of the puzzle is the PCR measurements. Windows apparently measures lots of important boot state into PCRs but on Linux this kind of verified boot process is not well supported yet.

Part of the problem is that the measurement values are expected to change all the time – like every time you update your boot loader packages or your kernel. One possible solution to this is to keep a log in main memory of the PCR measurement values so that when the hash has changed it is at least possible to see which value in the chain changed and decide if we were expecting it to change or not.

Aside from the question of PCR measurements, Matthew went on to present a tool he has designed, tpmtotp, to let you verify your PC has not been tampered with by comparing an OTP value shown on boot with one that appears on your phone. He gave a live demo of using his phone to view the OTP and measurement log over Bluetooth Low Energy. “Use it for good.”

Securing firmware: secure and trusted boot in OpenBMC – Joel Stanley

OpenBMC is an open source implementation of the firmware for “baseboard management controllers”, the IBM term for out-of-band management chips generally found in server hardware. Joel likens the BMC ecosystem to the history of X and its fragmentation due to vendors competing on proprietary implementations. OpenBMC is apparently an attempt to build an industry standard open source implementation, although it seems heavily biased towards Google and IBM and their ecosystem.

OpenBMC targets a range of Aspeed SoCs, and the newer parts allow signing of firmware for a hardware root of trust. He went into detail about how the OpenBMC project is implementing “trusted boot” (meaning measure the boot but don’t assert anything) and “secure boot” (bail out if signatures don’t match).

“Write a single library to handle all input devices, it’ll be easy” they said… – Peter Hutterer

Peter gave a run-through of the history of libinput, the modern library for input device handling used in Xorg and in Wayland compositors, and how the library evolved from various X input device drivers.

He ended his talk by mentioning the rather alarming bus factor for libinput: 1, him. Although there is no shortage of new work to be done in the area, it seems like everyone considers input to be a solved problem (or solved enough) not to worry about who is maintaining the code. It very much reminds me of the state of maintainership of GnuPG and OpenSSL until those issues blew up very publicly in 2014 with Heartbleed.

How to make kernel and userspace CI for input devices? – Benjamin Tissoires

Work on the input device drivers and userspace stack have historically involved a lot of manual regression testing at Red Hat, where the developer has to plug in real hardware and interact with it to check that it works as expected.

The strategy for automated regression testing has evolved over time. The initial attempt was a kernel module, uhid.ko, which captures events from USB HID devices and can replay them in real time. But that approach produced a big pile of slow, hard-to-maintain known-value tests.

More recently Benjamin has been working on a Python library to decode HID descriptors (here he veered into an explanation of the HID protocol and how the “descriptors” are a device-specific description of how the HID events are encoded by the device) and synthesise arbitrary HID events from them. This is now used in libinput integration tests, which are running in Gitlab pipelines on the new Freedesktop.org Gitlab infrastructure.