
unsafe usb boot of iso files without integrity verification

Open arhabd opened this issue 1 year ago • 7 comments

Is your feature request related to a problem? Please describe. When I want to boot into live Debian I can't, because there is no detached signature.

Describe the solution you'd like A menu option similar to the normal unsafe boot, but for USB devices, i.e. no security checks that the ISO is safe.

Describe alternatives you've considered Currently I swap BIOS when Debian live is needed.

Additional context This might be a band-aid solution for https://github.com/linuxboot/heads/issues/1320

arhabd avatar Jan 14 '25 16:01 arhabd

I answered in detail under this matrix channel thread.

I didn't understand why this is requested per that discussion thread. Proper solution pseudocode under https://github.com/linuxboot/heads/issues/1438#issuecomment-1722386799

CC @arhabd

tlaurion avatar Jan 15 '25 19:01 tlaurion

@JonathonHall-Purism agrees that unsafe booting of unverified, probably corrupted ISO files is a desired feature at https://github.com/linuxboot/heads/issues/1438#issuecomment-2302861426

tlaurion avatar Jan 15 '25 19:01 tlaurion

Replying and quoting some messages from Matrix here on GitHub for documentation, as requested by @tlaurion.

I'm a bit confused reading this issue about distros not providing detached-signed ISOs, and what generic instructions are missing for you to actually sign those ISOs yourself without needing Heads to change?

I'm not sure why I should implement an unsafe (and insecure, and really often reported as Heads problems) option, because the ISO is actually either broken by download, where no integrity validation would result in Heads receiving reports, or because of user error, a bad/cheap USB thumb drive, or mismanipulation.

I am not enticed myself into creating code that will result in more issues opened under Heads, which would result in more time involvement on my side that would end in "Your ISO seems broken, have you verified the checksums provided by the distribution and upstream instructions?" I'm really not looking into dealing with this; are you?

I think the issue is less about how I should go about things and more about how I can't go about things. I am well aware that I could sign the ISO, but the issue is more that I feel I shouldn't have to if I am aware of the issues that might bring, such as your examples about corrupted ISOs or maybe even malicious ISOs. It should still be an option, maybe at compile time, to choose to enable this unsafe USB boot, so only people who self-compiled Heads can even be presented with this option. That should mitigate your worries about issues from non-technical users that don't verify the hash or whatnot.

arhabd avatar Jan 16 '25 19:01 arhabd

Similar questions asked today on channel

tlaurion avatar Feb 02 '25 15:02 tlaurion

Please review my proposition at https://github.com/linuxboot/heads/issues/1438#issuecomment-2629449582

@arhabd cc

tlaurion avatar Feb 02 '25 15:02 tlaurion

I like the idea of hashing the file and presenting it to the user. This way, if the user wants to verify it, it's a possibility, but if the user just wants to boot the USB insecurely, it's just a matter of clicking past the prompt.

arhabd avatar Feb 02 '25 18:02 arhabd
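As an added example, and not code from Heads or from anyone in this thread, here are the two checks the discussion keeps coming back to: comparing the ISO's SHA-256 with the entry in the distribution's SHA256SUMS file (the "have you verified the checksums" step that rules out a broken download or bad thumb drive), and producing the detached GPG signature that Heads looks for beside the ISO so the normal verified boot path works without any unsafe option. The `.sig` file name, the helper names (`sha256_of`, `verify_iso_hash`, `sign_iso`, `verify_iso_sig`) and the sample ISO and SHA256SUMS contents are assumptions constructed for this example; check your own Heads build for the exact signature file name it expects.

```shell
#!/bin/sh
# Added example (not Heads code). Two checks discussed in the thread:
#  1. Integrity: the ISO's SHA-256 must match the distribution's SHA256SUMS.
#  2. Authenticity for Heads: a detached GPG signature next to the ISO.
# The ".sig" suffix and all helper names below are assumptions.

# Portable SHA-256 of a file: sha256sum (coreutils) or shasum (BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    else
        shasum -a 256 "$1" | cut -d ' ' -f 1
    fi
}

# verify_iso_hash ISO SUMSFILE
# Returns 0 only if SUMSFILE has an entry for ISO's basename and the
# recorded hash equals the file's actual SHA-256. Both "hash  name"
# (text mode) and "hash *name" (binary mode) lines are accepted.
verify_iso_hash() {
    iso="$1"
    sums="$2"
    name=$(basename "$iso")
    expected=$(awk -v f="$name" '$2 == f || $2 == "*" f { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 1
    fi
    actual=$(sha256_of "$iso")
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $name: expected $expected, got $actual" >&2
        return 1
    fi
    return 0
}

# sign_iso ISO
# Writes ISO.sig with the user's default GPG key. Only do this after
# verify_iso_hash succeeds, otherwise you are signing a broken file.
# Needs gpg and a key; not exercised in the constructed run below.
sign_iso() {
    gpg --detach-sign --output "$1.sig" "$1"
}

# verify_iso_sig ISO: the detached-signature check, the same shape of
# verification Heads performs before it will kexec an ISO.
verify_iso_sig() {
    gpg --verify "$1.sig" "$1"
}

# Constructed run: a fake ISO with known contents and a matching SHA256SUMS.
demo_dir=$(mktemp -d)
printf 'hello\n' > "$demo_dir/debian-live.iso"
# sha256 of the bytes "hello\n"
printf '%s  debian-live.iso\n' \
    5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 \
    > "$demo_dir/SHA256SUMS"
if verify_iso_hash "$demo_dir/debian-live.iso" "$demo_dir/SHA256SUMS"; then
    echo "integrity OK: $(sha256_of "$demo_dir/debian-live.iso")"
fi
rm -rf "$demo_dir"
```

In practice the SHA256SUMS file is itself signed by the distribution (for Debian, SHA256SUMS.sign), so the hash check is only as trustworthy as your verification of that signature against the distribution's key; the detached signature you then create with `sign_iso` is what turns "I checked this download" into something Heads can re-check at every boot.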

Removed bounty/donations because Heads should not get in the way of what users want for security; it should only warn of risks, which is what #1984 implements.

tlaurion avatar Jul 10 '25 18:07 tlaurion

Fixed by https://github.com/linuxboot/heads/pull/1984

tlaurion avatar Aug 25 '25 01:08 tlaurion