From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Rich Persaud <persaur@gmail.com>
Cc: "Jason Gunthorpe" <jgg@ziepe.ca>,
"James Bottomley" <James.Bottomley@HansenPartnership.com>,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, monty.wiseman@ge.com,
"Monty Wiseman" <montywiseman32@gmail.com>,
"Matthew Garrett" <mjg59@google.com>,
"Trammell Hudson" <hudson@trmm.net>,
"Daniel Smith" <dpsmith@apertussolutions.com>,
"Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
Subject: Re: Documenting the proposal for TPM 2.0 security in the face of bus interposer attacks
Date: Wed, 21 Nov 2018 11:07:06 +0200 [thread overview]
Message-ID: <20181121090706.GA9616@linux.intel.com> (raw)
In-Reply-To: <F10185EF-C618-45DC-B1F3-0053B8FE417F@gmail.com>
On Wed, Nov 21, 2018 at 03:08:51AM -0500, Rich Persaud wrote:
> On Nov 21, 2018, at 02:18, Jarkko Sakkinen
> <jarkko.sakkinen@linux.intel.com> wrote:
>
> On Tue, Nov 20, 2018 at 10:42:01PM -0700, Jason Gunthorpe wrote:
>
> Why you wouldn't use DMA to spy the RAM?
>
> The platform has to use IOMMU to prevent improper DMA access from
>
> places like PCI-E slots if you are using measured boot and want to
>
> defend against HW tampering.
>
> Yes. This is what I wanted to point out. Windows 10 has VBS to
> achieve something like this.
> https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs
>
> The BIOS has to sequence things so that at least pluggable PCI-E slots
>
> cannot do DMA until the IOMMU is enabled.
>
> Yep.
>
> Honestly not sure if we do this all correctly in Linux, or if BIOS
>
> vendors even implemented this level of protection. The BIOS would have
>
> to leave the PCI-E root port slots disabled, and configure the ports
>
> to reject config TLPs from the hostile PCI-E device, and probably a
>
> big bunch of other stuff.. Then Linux would have to enable the IOMMU
>
> and then enable the PCI-E ports for operation.
>
> Linux should have something like VBS. Like James' proposal it does not
> solve the puzzle but is one step forward...
>
> Qubes OS and OpenXT [1][2] can use Linux, Xen, IOMMU and DRTM for boot
> integrity and PCI device isolation. They preceded VBS by several years
> [3]. Trammell's talk, "Firmware is the new Software" [4] and work on
> Heads [5][6] is also relevant.
> Rich
> 1. https://www.platformsecuritysummit.com/2018/references/#openxt
> 2. https://www.platformsecuritysummit.com/2018/topic/boot/
> 3. https://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html
> 4. https://www.platformsecuritysummit.com/2018/speaker/hudson/
> 5. https://www.trmm.net/Heads
> 6. https://puri.sm/posts/the-librem-key-makes-tamper-detection-easy/
Please do not send HTML trashed emails. For more information how to
configure your email client, please refer to:
https://www.kernel.org/doc/Documentation/email-clients.txt
Thank you.
/Jarkko
next prev parent reply other threads:[~2018-11-21 9:07 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-19 17:34 Documenting the proposal for TPM 2.0 security in the face of bus interposer attacks James Bottomley
2018-11-19 20:05 ` Jason Gunthorpe
2018-11-19 20:20 ` James Bottomley
2018-11-19 21:19 ` Jason Gunthorpe
2018-11-19 21:34 ` James Bottomley
2018-11-19 21:44 ` Jason Gunthorpe
2018-11-19 22:36 ` James Bottomley
2018-11-19 23:08 ` Jason Gunthorpe
2018-11-20 0:54 ` James Bottomley
2018-11-20 3:05 ` Jason Gunthorpe
2018-11-20 17:17 ` James Bottomley
2018-11-20 21:33 ` Jason Gunthorpe
2018-11-20 22:34 ` James Bottomley
2018-11-20 23:39 ` Jason Gunthorpe
2018-11-21 2:24 ` EXTERNAL: " Jeremy Boone
2018-11-21 5:16 ` Jason Gunthorpe
2018-11-20 23:52 ` Jarkko Sakkinen
2018-11-20 23:41 ` Jarkko Sakkinen
2018-11-20 11:10 ` Jarkko Sakkinen
2018-11-20 12:41 ` Jarkko Sakkinen
2018-11-20 17:25 ` James Bottomley
2018-11-20 23:13 ` Jarkko Sakkinen
2018-11-20 23:58 ` James Bottomley
2018-11-21 0:33 ` EXTERNAL: " Jeremy Boone
2018-11-21 6:37 ` Jarkko Sakkinen
2018-11-21 5:42 ` Jason Gunthorpe
2018-11-21 7:18 ` Jarkko Sakkinen
[not found] ` <F10185EF-C618-45DC-B1F3-0053B8FE417F@gmail.com>
2018-11-21 9:07 ` Jarkko Sakkinen [this message]
2018-11-21 9:14 ` Jarkko Sakkinen
2018-11-20 17:23 ` James Bottomley
2018-11-20 23:12 ` Jarkko Sakkinen
2018-12-10 16:33 ` Ken Goldman
2018-12-10 17:30 ` James Bottomley
2018-12-11 21:47 ` Ken Goldman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181121090706.GA9616@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=dpsmith@apertussolutions.com \
--cc=hudson@trmm.net \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=marmarek@invisiblethingslab.com \
--cc=mjg59@google.com \
--cc=monty.wiseman@ge.com \
--cc=montywiseman32@gmail.com \
--cc=persaur@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).