The Linux kernel may not be quite as secure as it should be

Security Key
(Image credit: Pixabay)

A policy and process overview of the Linux kernel has identified some “potential pain points” in the handling and signing process of the security keys for the Linux kernel.

The review of the kernel teams’ processes for signing releases and for the policies and procedures for the handling of the signing keys was sought by the Linux Foundation and conducted by cybersecurity experts at the Open Source Technology Improvement Fund  (OSTIF) and Trail of Bits.

“This review resulted in seven recommendations that can help improve the robustness of the security and use of the signing keys for the Linux Kernel,” notes OSTIF in its report.

In addition to the recommendation, the report notes that Trail of Bits suggested that kernel developers should flesh out and update the documentation on the procedures and policies in order to help organizations wrap their heads around the current practices.

Key issues

In addition to highlighting the shortcomings, the report also included a series of recommended mitigations as well. 

Notably, the Linux Foundation kernel team members, more or less agreed to most of the suggestions, except for one that goes against the principles of the wider open source community.

The report pointed out that the kernel doesn’t enforce the use of smart cards to store private key material used for GPG or SSH on a separate smart card device for individuals with commit rights on key Linux kernel repositories. 

Furthermore, the Linux Foundation’s recommended smartcard Nitrokey doesn’t support touch activation, which the report argues is much better than the passphrase-only protected Nitrokey.

The report notes that the Linux Foundation kernel team members responded to these suggestions by expressing their inability to switch to Yubikey with touch activation, since it is not open source and can’t be trusted for securing critical infrastructure.

However, the developers said they might update their policies to recommend that the current Nitrokeys be physically removed from the administrator’s computer when not in use. 

TOPICS
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.