Signing package contents: why and how

Debian has infrastructure to ensure that users obtain unmodified versions of packages, but once they’ve hit disk that chain of trust vanishes. debsums allows admins to verify that the packages hash to a value stored in the dpkg package database, but in the face of active attack that provides no guarantees - an attacker can simply modify the stored hashes to match their modified binaries. The easiest approach is to use a read-only filesystem, but what if there were a stronger way to provide these guarantees without making system updates more difficult?

IMA, the Integrity Measurement Architecture, provides an in-kernel mechanism for verifying that binaries match associated signatures stored in extended attributes alongside the executable. These signatures can be generated at any point in the packaging process, from package build to archive processing. And with a simple addition of functionality to dpkg (already in progress), these signatures can be written out at package install time, allowing users to configure systems such that distribution binaries won’t run if they’ve been tampered with.

What needs to be done to make this possible in Debian? Is it worth the effort? And how do we do this in a way that avoids systems being locked down in ways that limit user freedom? This presentation will attempt to answer all of these questions.

• Video