Bug 205886

Summary: USB install image requires write access to install media during boot!
Product: Base System
Reporter: Oliver Jones <oliver.jones>
Component: conf
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Many People
CC: freebsd-bugs, re
Priority: ---
Version: 10.2-STABLE
Hardware: Any
OS: Any
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=187161
Attachments:
  Messages shown during the boot process, up to the point of failure (Flags: none)

Description Oliver Jones 2016-01-04 18:07:32 UTC
I have a Kanguru FlashTrust USB stick, which I used to boot and install FreeBSD 10.2 from. This particular USB stick has a physical write-protect switch, which I enable after setup, to prevent unauthorised modifications.

I use this particular brand because:

a) The firmware is signed, to prevent exploits or attacks via BadUSB.
b) The write protection secures install media against unauthorised changes.

There is one small problem, however: When booting from the USB image, FreeBSD 10.2 requires write access to the USB install medium in order to proceed!

Booting with the write protect switch enabled on the USB stick will prevent FreeBSD 10.2 from booting and starting the installer! To boot without errors requires the boot media to be writable. This is not necessary with Linux or Windows (typically Windows PE) USB images.

I appreciate that this issue is probably not noticeable in most cases, because most USB sticks cannot be write-protected, and will therefore silently accept writes. But this is a security flaw, since it prevents the boot media from being secured against unauthorised changes after creation and verification.

Please fix it.
Comment 1 A.J. Kehoe IV (Nanoman) 2016-01-04 19:17:44 UTC
This is a duplicate of FreeBSD Bug 187161.
Comment 2 Glen Barber freebsd_committer freebsd_triage 2016-01-04 21:07:32 UTC
Could you please provide more details on the error(s) you encountered?  In particular, knowing what file(s) were trying to be written would be very helpful.
Comment 3 Oliver Jones 2016-01-04 21:36:35 UTC
Created attachment 165082 [details]
Messages shown during the boot process, up to the point of failure

It would appear that the root filesystem is mounted read-write, instead of read-only.

This output, of course, is shown when attempting to boot with the write protect switch enabled.
Comment 4 Glen Barber freebsd_committer freebsd_triage 2016-01-04 21:45:03 UTC
(In reply to Oliver Jones from comment #3)
> Created attachment 165082 [details]
> Messages shown during the boot process, up to the point of failure
> 

Thank you very much.

> It would appear that the root filesystem is mounted read-write, instead of
> read-only.
> 
> This output, of course, is shown when attempting to boot with the write
> protect switch enabled.

Can you try the suggestion noted here?
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=187161#c0

(You will need to turn off write-protect mode on the USB drive though.)

Since I do not have any USB sticks with write-protection ability, I am a bit hesitant to commit the proposed change without knowing if there are any further repercussions.
Comment 5 Oliver Jones 2016-01-04 22:05:28 UTC
(In reply to Glen Barber from comment #4)
Hi Glen,

You are quite welcome. I will give this a try tomorrow, as it's quite late. If you guys have an address, I'll also happily send you a Kanguru FlashTrust 16GB USB stick for testing, in the mail: I think it is important that you should be able to formally test this. Please send me a private message with an address I can send the stick to.
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-01-05 03:21:41 UTC
A commit references this bug:

Author: gjb
Date: Tue Jan  5 03:20:46 UTC 2016
New revision: 293188
URL: https://svnweb.freebsd.org/changeset/base/293188

Log:
  Prevent memstick installation medium from attempting to mount
  the root filesystem read-write.  This causes problems booting
  the memstick installation medium from write-protected USB flash
  drives.

  Submitted by:	A.J. Kehoe IV [1], Oliver Jones [2]
  PR:		187161 [1], 205886 [2]
  MFC after:	1 week
  Sponsored by:	The FreeBSD Foundation

Changes:
  head/release/amd64/make-memstick.sh
  head/release/arm64/make-memstick.sh
  head/release/i386/make-memstick.sh
  head/release/powerpc/make-memstick.sh
Comment 7 Glen Barber freebsd_committer freebsd_triage 2016-01-05 03:27:33 UTC
(In reply to Oliver Jones from comment #5)
> (In reply to Glen Barber from comment #4)
> Hi Glen,
> 
> You are quite welcome. I will give this a try tomorrow, as it's quite late.
> If you guys have an address, I'll also happily send you a Kanguru FlashTrust
> 16GB USB stick for testing, in the mail: I think it is important that you
> should be able to formally test this. Please send me a private message with
> an address I can send the stick to.

Thank you for the offer, but for a one-off test case such as this, I would rather such resources to go to places where they would be put to better use.

I won't object to you making a donation to the FreeBSD Foundation, instead.  :)

I've committed an update that will be reflected in this week's snapshot builds, and will merge to stable/10 in 1 week, provided everything works as expected.
Comment 8 commit-hook freebsd_committer freebsd_triage 2016-01-12 02:13:28 UTC
A commit references this bug:

Author: gjb
Date: Tue Jan 12 02:12:41 UTC 2016
New revision: 293723
URL: https://svnweb.freebsd.org/changeset/base/293723

Log:
  MFC r293188:
   Prevent memstick installation medium from attempting to mount
   the root filesystem read-write.  This causes problems booting
   the memstick installation medium from write-protected USB flash
   drives.

  PR:		187161, 205886
  Sponsored by:	The FreeBSD Foundation

Changes:
_U  stable/10/
  stable/10/release/amd64/make-memstick.sh
  stable/10/release/amd64/make-uefi-memstick.sh
  stable/10/release/i386/make-memstick.sh
  stable/10/release/powerpc/make-memstick.sh
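A check a release engineer could run over an installer image's /etc/fstab before booting it from write-protected media, as an added example illustrating the problem fixed by r293188 and r293723 above (this is not the bug's own fix and not FreeBSD's make-memstick.sh); the sample fstab content and the helper names are constructed.

```sh
#!/bin/sh
# Added example, not from the bug report or FreeBSD's release scripts.
# A memstick image whose fstab mounts "/" with "rw" fails to boot from a
# write-protected stick; these helpers detect that entry and rewrite it to "ro".

# Print the mount options (4th field) of the "/" entry in the fstab file $1.
root_fstab_opts() {
    awk '$1 !~ /^#/ && $2 == "/" { print $4; exit }' "$1"
}

# Return 0 when "/" is mounted read-only, 1 when it is read-write or missing.
root_is_readonly() {
    opts=$(root_fstab_opts "$1")
    case ",$opts," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Copy fstab $1 to $2, replacing "rw" with "ro" in the options of the "/" entry
# and leaving every other line and option untouched.
fix_root_readonly() {
    awk '$1 !~ /^#/ && $2 == "/" {
             n = split($4, a, ","); s = ""
             for (i = 1; i <= n; i++) {
                 if (a[i] == "rw") a[i] = "ro"
                 s = s (i > 1 ? "," : "") a[i]
             }
             $4 = s
         }
         { print }' "$1" > "$2"
}

# Constructed sample fstab in the style of a memstick image, carrying the
# read-write root entry that triggers the failure on a write-protected stick.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# Device                  Mountpoint  FStype  Options      Dump  Pass#
/dev/ufs/FreeBSD_Install  /           ufs     rw,noatime   1     1
EOF
}

# Demo when run directly: report the sample, then show the corrected entry.
sample=$(mktemp) && write_sample_fstab "$sample"
if root_is_readonly "$sample"; then
    echo "root is read-only: $(root_fstab_opts "$sample")"
else
    echo "root is read-write: $(root_fstab_opts "$sample")"
    fix_root_readonly "$sample" "$sample.fixed"
    echo "after fix: $(root_fstab_opts "$sample.fixed")"
fi
```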