This doesn't help if an attacker modifies the kernel to provide the correct data regardless of the actual filesytem contents. You really need either UEFI Secure Boot or a TPM-based measured boot to have confidence that /boot hasn't been tampered with.
Could you comment on my idea of slight extension of chkboot-style verification:
a) Use signatures instead of hashes and keep the "correct" signature secret. This would prevent attacker from hard-coding correct looking output into the tampered system.
b) Do not store the correct signature anywhere where the potentially tampered system could read it. I'm thinking using smartphone or possibly some usb module for verification, or maybe just rely on users memory (assisted with something akin to SSH randomart fingerprints)
c) Fill free space on /boot with random data and calculate the signature for the whole partition. This is to detect if attacker attempts to store backup copies of untampered files.
To me it's not immediately obvious how attacker could tamper with boot files without detection, presuming that their ability to tamper is restricted to the hard drive (i.e. no firmware attacks etc).
edit: for clarification, I'm talking only hypothetically here, I'm not considering this sort of system for personal use nor would I be recommending it to anyone else.
The attacker is not going to keep the SHA256 hashes, but the whole of the original /boot. (Where, you're asking? Anywhere you forgot Ring 0 could store data, and a few places you never even knew about.) Subsequently, he will intercept system calls to open(2) and friends, and serve the saved data. This is a fairly old technique: on the first page of a Google search[1], you can find a Phrack article from 2009[2]. In fact the seminal work I believe is Reflections on Trusting Trust by Ken Thompson, set in print in 1984.
The BIOS has some flash memory. Various devices have flashable firmware. If the machine is on the network, storage could be remote. Maybe the attacker plugged a flash drive into a USB port. Maybe the attacker left a bluetooth-accessible device nearby.
Or the attacker could just use the hard drive. Pick a random block. Chances are decent the corruption won't be noticed anytime soon, especially if the block is, say, at the end of the ext4 journal, which was probably clean at shutdown anyway.
The attacker can compress non-random part of /boot partition to free some space for his "rootkit". The rootkit will reconstruct hard drive contents before running OS or just make it look like it is reconstructed through virtualization.
Like all tamper detection it can be subverted as you describe. However it does raise the bar/costs for the attacker since their subversion has to be larger and more complex as it takes longer to write, needs more skill, more places to have bugs etc.
If the attacker can modify the kernel then I think you have already lost the battle. This script, as it says in README, checks that the files in /boot have not been altered between reboots.
My understanding is (I may be wrong) that this script protects from physical attacks when the attacker covertly modifies your /boot partition (where the kernel resides along with the initramfs) while your computer is turned off. The attacker can not modify the other partitions because they are encrypted.
The attacker modifies the on-disk copy of the kernel such that when userspace tries to read the kernel it gets given a backed up copy of the unmodified kernel. Chkboot says everything is fine, but in reality the system is backdoored.
This doesn't provide additional security. If your bootloader is compromised, it could boot into a compromised kernel (bootkit) that will fake any syscalls that attempt to figure out if the system is compromised. No, signatures and hashes won't help (you can just return the old files, or store your changes to the files and return the file contents with your changes reverted).
It's the same problem as UEFI defining that a certain UEFI variable will be set if you booted securely -- but a malicious kernel could just fake that UEFI variable.
Instead, you should have authenticated encryption for both /boot and your root filesystem. GRUB has been able to boot from encrypted partitions for a while, we should push for that to be the default (I'm not sure if it's authenticated encryption though).
Good, I'm not the only one. I was waiting for the readme to mention how they'd solved the chicken / egg problem here: you can't guarantee integrity of boot until you've loaded the OS, and you can't load the OS until you've guaranteed the integrity of boot. I was thinking I'd missed something.
I looked into the options and the best I feel available is separate /boot on a USB key AND wrapping that key inside a tiny LUKS volume, so you need the key inside of it and a password, which is poor man's two-factor for booting full-disk crypto.
But as I know LUKS and other disk systems in Unix decrypt, and do not MAC then encrypt, I wonder if I am wasting even more of my time I do not have to begin with.
It seems like most people do not know that grub can actually boot kernels from an encrypted boot partition. It does not protect the MBR or EFI partition, so a manipulated stage1 loader might be able to pull off some attack but i am always surprised how few people really use that...
I agree with mjg59 that this sort of system does not provide true security. That said, I think it might be slightly more effective if the system verifies the whole /boot partition instead of just the files within, especially if free space is filled with random bytes.
edit: I also think it might be ever so slightly better to calculate signatures instead of plain hashes. That would make it bit more difficult for attacker to forge correct values.
