Private bug reported:
Secured Recovery is a critical platform security capability that ensures
a system can be safely restored to a trusted and operational state after
firmware corruption, failed updates, or security compromise. It
complements Secure Boot and Secured Update by providing a trusted
fallback and recovery mechanism when normal boot paths are no longer
viable.
Secured Recovery typically relies on a hardware root of trust and
immutable firmware components to validate and restore system firmware,
bootloaders, and critical platform state. Recovery mechanisms may
include protected recovery partitions, signed recovery images, dual-bank
firmware (A/B), or external recovery via BMC or management controllers.
This feature is essential for protecting against firmware corruption,
rollback attacks, and malicious tampering, while ensuring system
availability and serviceability in enterprise and cloud environments.
In the Linux kernel, Secured Recovery has indirect involvement. The OS
may participate in triggering recovery workflows, validating system
state post-recovery, and integrating with update frameworks. However,
the primary implementation resides in firmware and platform hardware.
Enhancing OS-level visibility and integration would improve
manageability and reliability of recovery operations.
Feature Request:
Requested capabilities to be enabled in the OS:
- Support detection of recovery mode and expose status to the OS.
- Enable integration with secure firmware recovery mechanisms (e.g., dual-bank firmware, recovery partitions).
- Provide interfaces for triggering recovery (via user-space tools or management frameworks).
- Ensure validation of recovery images using cryptographic signatures.
- Support rollback protection during recovery operations.
- Integrate with update frameworks (e.g., fwupd) for coordinated recovery workflows.
- Expose recovery logs and status via sysfs/debugfs or user-space APIs.
- Enable interaction with BMC/management controllers for remote recovery.
- Support recovery of device firmware (PCIe/CXL devices, NICs, storage).
- Provide mechanisms for post-recovery validation and attestation.
- Enable audit logging of recovery events for compliance and diagnostics.
- Document recovery workflows, configuration, and platform dependencies.
Business Justification:
- Ensures system availability even after firmware corruption or failed updates.
- Protects against persistent firmware attacks and tampering.
- Reduces downtime and improves serviceability in production environments.
- Enhances trust in platform recovery mechanisms for enterprise and cloud deployments.
- Supports compliance with security and reliability standards.
- Complements Secure Boot and Secured Update for end-to-end platform security.
References:
- UEFI Firmware Recovery and Capsule Update Specifications
- Platform Root of Trust and Secure Boot Documentation
- fwupd and Firmware Update Frameworks
- Industry Guidelines for Secure Firmware Recovery and Resilience
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Public to Private
https://bugs.launchpad.net/bugs/2146712
Title: Request for Security Support – Secured Recovery