[Bug 205886] USB install image requires write access to install media during boot!
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jan 4 18:07:32 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205886
Bug ID: 205886
Summary: USB install image requires write access to install
media during boot!
Product: Base System
Version: 10.2-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: conf
Assignee: freebsd-bugs at FreeBSD.org
Reporter: oliver.jones at gmx.com
I have a Kanguru FlashTrust USB stick, which I used to boot and install FreeBSD
10.2 from. This particular USB stick has a physical write-protect switch, which
I enable after setup, to prevent unauthorised modifications.
I use this particular brand because:
a) The firmware is signed, to prevent exploits or attacks via BadUSB.
b) The write protection secures install media against unauthorised changes.
There is one small problem, however: When booting from the USB image, FreeBSD
10.2 requires write access to the USB install medium in order to proceed!
Booting with the write protect switch enabled on the USB stick will prevent
FreeBSD 10.2 from booting and starting the installer! To boot without errors
requires the boot media to be writable. This is not necessary with Linux or
Windows (typically Windows PE) USB images.
I appreciate that this issue is probably not noticeable in most cases, because
most USB sticks cannot be write-protected, and will therefore silently accept
writes. But this is a security flaw, since it prevents the boot media from
being secured against unauthorised changes after creation and verification.
Please fix it.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list