From: "Jan Lübbe" <jlu@pengutronix.de>
To: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Cc: barebox@lists.infradead.org
Subject: Re: [RFC 3/4] FIT: add FIT image support
Date: Mon, 16 Mar 2015 13:08:52 +0100 [thread overview]
Message-ID: <1426507732.3330.87.camel@pengutronix.de> (raw)
In-Reply-To: <20150316111432.GE26127@ns203013.ovh.net>
On Mo, 2015-03-16 at 12:14 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> On 11:19 Mon 16 Mar , Jan Lübbe wrote:
> > Later I'd like to have optional support to switch barebox into a
> > "non-secure" or "developer" mode at runtime, which would make hardware
> > secrets inaccessible. That could be triggered when a prompt appears or
> > when booting for a different source (such as USB fastboot).
>
> yeah, I like the idea but for this will have to put a lot of protection so you
> can not read/write some part of the memory included barebox itself (in RAM)
>
> As in the kernel we have no memmory protection from the shell.
Not necessarily. For example on the MX6 you can trigger a security
violation in the CAAM from software. That will clear the OTPMK in its
Key-RAM. From that point on you can run any software but you will not be
able to decrypt any secret data which was encrypted with the OTPMK.
On hardware which supports something like this, debugging hardware
problems is easy and there is no danger of leaking any secret
information. If something is useful/possible in any specific project
obviously depends on the threat model and hardware capabilities.
> > > the main problem is not console but env you need to drop RW env support
> > > and use only RO one, except for keyring support where you will a RW env but
> > > not executable and only accesable by crypto API
> > >
> > > otherwise you need to use a secured digest such as HMAC/CMAC/OMAC support
> > > to sign the env at runtime and ensure the symetric key is secured
> > > or encrypt it via aes (did this in the past)
> >
> > For an upcoming project we'll add HMAC support to the state storage Marc
> > recently submitted.
> I've a patch too I need to send it
For environment or state storage?
> but I prefer to wait we have keystore support as this will store the key for
> the HMAC otherwise we need to use HW HMAC that store the key in the soc
Another possibility is to use the HW AES key and a compiled in value to
derive a per-device HMAC secret. The same approach can also be used in
Linux for deriving the IMA/EVM HMAC secret.
Regards,
Jan
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2015-03-16 12:09 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-12 14:39 [RFC 0/4] FIT Support Jan Luebbe
2015-03-12 14:39 ` [RFC 1/4] digest: Make filename arguments const Jan Luebbe
2015-03-13 7:40 ` Sascha Hauer
2015-03-12 14:39 ` [RFC 2/4] Add rsa support Jan Luebbe
2015-03-12 17:47 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 9:35 ` Jan Lübbe
2015-03-13 9:56 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 10:06 ` Sascha Hauer
2015-03-13 10:12 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 10:22 ` Jan Lübbe
2015-03-13 10:26 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 10:10 ` Jan Lübbe
2015-03-13 10:25 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 10:43 ` Jan Lübbe
2015-03-13 15:49 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:00 ` Jan Lübbe
2015-03-16 10:27 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 11:25 ` Jan Lübbe
2015-03-16 11:33 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 15:42 ` Jan Lübbe
2015-03-17 10:48 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-17 12:09 ` Jan Lübbe
2015-03-17 12:39 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-17 12:57 ` Jan Lübbe
2015-03-12 14:39 ` [RFC 3/4] FIT: add FIT image support Jan Luebbe
2015-03-12 18:19 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 9:28 ` Jan Lübbe
2015-03-13 10:05 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 10:21 ` Jan Lübbe
2015-03-13 14:28 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 15:41 ` Jan Lübbe
2015-03-13 16:08 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:19 ` Jan Lübbe
2015-03-16 11:14 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 12:08 ` Jan Lübbe [this message]
2015-03-16 12:19 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 13:28 ` Jan Lübbe
2015-03-16 13:51 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 14:31 ` Jan Lübbe
2015-03-16 14:40 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 14:50 ` Jan Lübbe
2015-03-13 11:33 ` Marc Kleine-Budde
2015-03-13 15:54 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 16:06 ` Marc Kleine-Budde
2015-03-13 17:00 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:04 ` Jan Lübbe
2015-03-16 10:28 ` Jean-Christophe PLAGNIOL-VILLARD
2015-12-29 10:18 ` Yegor Yefremov
2015-03-12 14:39 ` [RFC 4/4] FIT: add test config and data [do not merge] Jan Luebbe
2015-03-12 14:51 ` [RFC] digest: Add enum Jan Luebbe
2015-03-12 17:50 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 9:54 ` Jan Lübbe
2015-03-13 10:10 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 18:50 ` Robert Schwebel
2015-11-11 11:39 ` [RFC 0/4] FIT Support Yegor Yefremov
2015-11-13 11:35 ` Antony Pavlov
2015-11-13 12:54 ` Sascha Hauer
2015-12-29 8:10 ` Yegor Yefremov
2016-01-05 8:11 ` Marc Kleine-Budde
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1426507732.3330.87.camel@pengutronix.de \
--to=jlu@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=plagnioj@jcrosoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox