From: Hector Martin <marcan@marcan.st>
To: Linus Walleij <linus.walleij@linaro.org>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org, Jarkko Sakkinen <jarkko@kernel.org>
Cc: "Sumit Garg" <sumit.garg@linaro.org>,
"Arnd Bergmann" <arnd@linaro.org>,
"Joakim Bech" <joakim.bech@linaro.org>,
"Alex Bennée" <alex.bennee@linaro.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Maxim Uvarov" <maxim.uvarov@linaro.org>,
"Ilias Apalodimas" <ilias.apalodimas@linaro.org>,
"Ruchika Gupta" <ruchika.gupta@linaro.org>,
"Winkler, Tomas" <tomas.winkler@intel.com>,
yang.huang@intel.com, bing.zhu@intel.com,
Matti.Moell@opensynergy.com, hmo@opensynergy.com,
linux-mmc <linux-mmc@vger.kernel.org>,
linux-scsi <linux-scsi@vger.kernel.org>,
linux-nvme@vger.kernel.org,
"Ulf Hansson" <ulf.hansson@linaro.org>,
"Arnd Bergmann" <arnd.bergmann@linaro.org>
Subject: Re: [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem
Date: Wed, 10 Mar 2021 22:52:06 +0900 [thread overview]
Message-ID: <0a26713a-8988-1713-4358-bc62364b9e25@marcan.st> (raw)
In-Reply-To: <CACRpkdbQks5pRFNHkNLVvLHCBhh0XCv7pHYq25EVAbU60PcwsA@mail.gmail.com>
On 10/03/2021 18.48, Linus Walleij wrote:
> Disk is encrypted, and RPMB is there to block any exhaustive
> password or other authentication token search.
This relies on having a secure boot chain to start with (otherwise you
can just bypass policy that way; the RPMB is merely storage to give you
anti-rollback properties, it can't enforce anything itself). So you
would have to have a laptop with a fully locked down secure boot, which
can only boot some version of Linux signed by you until, say, LUKS
decryption. And then the tooling around that needs to be integrated with
RPMB, to use it as an attempt counter.
But now this ends up having to involve userspace anyway; the kernel key
stuff doesn't support policy like this, does it? So having the kernel
automagically use RPMB wouldn't get us there.
I may be wrong on the details here, but as far as I know RPMB is
strictly equivalent to a simple secure increment-only counter in what it
buys you. The stuff about writing data to it securely is all a red
herring - you can implement secure storage elsewhere, and with secure
storage + a single secure counter, you can implement anti-rollback.
It is not intended to store keys in a way that is somehow safer than
other mechanisms. After all, you need to securely store the RPMB key to
begin with; you might as well use that to encrypt a keystore on any
random block device.
> Ideally: the only way to make use of the hardware again would
> be to solder off the eMMC, if eMMC is used for RPMB.
> If we have RPMB on an NVME or UFS drive, the idea is
> to lock that thing such that it becomes useless and need to
> be replaced with a new part in this scenario.
>
> In practice: make it hard, because we know no such jail is
> perfect. Make it not worth the effort, make it cheaper for thieves
> to just buy a new harddrive to use a stolen laptop, locking
> the data that was in it away forever by making the drive
> useless for any practical attacks.
But RPMB does not enforce any of this policy for you. RPMB only gives
you a primitive: the ability to have storage that cannot be externally
rolled back. So none of this works unless the entire system is set up to
securely boot all the way until the drive unlock happens, and there are
no other blatant code execution avenues.
There isn't even any encryption involved in the protocol, so all the
data stored in the RPMB is public and available to any attacker.
So unless the kernel grows a subsystem/feature to enforce complex key
policies (with things like use counts, retry times, etc), I don't think
there's a place to integrate RPMB kernel-side. You still need a trusted
userspace tool to glue it all together.
--
Hector Martin (marcan@marcan.st)
Public Key: https://mrcn.st/pub
next prev parent reply other threads:[~2021-03-10 13:53 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-03 13:54 [RFC PATCH 0/5] RPMB internal and user-space API + WIP virtio-rpmb frontend Alex Bennée
2021-03-03 13:54 ` [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem Alex Bennée
2021-03-03 15:28 ` Ulf Hansson
2021-03-03 19:37 ` Alex Bennée
2021-03-04 20:56 ` Arnd Bergmann
2021-03-05 7:51 ` Joakim Bech
2021-03-05 8:44 ` Arnd Bergmann
2021-03-08 16:20 ` Linus Walleij
2021-03-09 21:09 ` Hector Martin
2021-03-10 5:14 ` Sumit Garg
2021-03-10 8:47 ` Hector Martin
2021-03-10 9:48 ` Linus Walleij
2021-03-10 13:52 ` Hector Martin [this message]
2021-03-11 0:36 ` Linus Walleij
2021-03-11 9:22 ` Hector Martin
2021-03-11 14:06 ` Linus Walleij
2021-03-11 20:02 ` Hector Martin
2021-03-12 9:22 ` Linus Walleij
2021-03-10 10:29 ` Sumit Garg
2021-03-11 0:49 ` Linus Walleij
2021-03-11 1:07 ` James Bottomley
2021-03-11 9:45 ` Hector Martin
2021-03-11 14:31 ` Linus Walleij
2021-03-11 20:29 ` Hector Martin
2021-03-11 20:57 ` Alex Bennée
2021-03-12 10:00 ` Linus Walleij
2021-03-12 9:47 ` Linus Walleij
2021-03-12 11:59 ` Sumit Garg
2021-03-12 12:08 ` Ilias Apalodimas
2021-03-09 17:12 ` David Howells
2021-03-10 4:54 ` Sumit Garg
2021-03-10 9:33 ` Linus Walleij
2021-03-03 13:54 ` [RFC PATCH 2/5] char: rpmb: provide a user space interface Alex Bennée
2021-03-04 7:01 ` Winkler, Tomas
2021-03-04 10:19 ` Alex Bennée
2021-03-04 10:34 ` Winkler, Tomas
2021-03-04 17:52 ` Alex Bennée
2021-03-04 19:54 ` Winkler, Tomas
2021-03-04 21:43 ` Arnd Bergmann
2021-03-05 6:31 ` Winkler, Tomas
2021-03-04 21:08 ` Arnd Bergmann
2021-03-03 13:54 ` [RFC PATCH 3/5] tools rpmb: add RPBM access tool Alex Bennée
2021-03-03 13:54 ` [RFC PATCH 4/5] rpmb: create virtio rpmb frontend driver [WIP] Alex Bennée
2021-03-03 13:55 ` [RFC PATCH 5/5] tools/rpmb: simple test sequence Alex Bennée
2021-03-09 13:27 ` [RFC PATCH 0/5] RPMB internal and user-space API + WIP virtio-rpmb frontend Avri Altman
2021-03-10 14:29 ` Alex Bennée
2021-03-11 13:45 ` Avri Altman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0a26713a-8988-1713-4358-bc62364b9e25@marcan.st \
--to=marcan@marcan.st \
--cc=Matti.Moell@opensynergy.com \
--cc=alex.bennee@linaro.org \
--cc=arnd.bergmann@linaro.org \
--cc=arnd@linaro.org \
--cc=bing.zhu@intel.com \
--cc=dhowells@redhat.com \
--cc=hmo@opensynergy.com \
--cc=ilias.apalodimas@linaro.org \
--cc=jarkko@kernel.org \
--cc=joakim.bech@linaro.org \
--cc=keyrings@vger.kernel.org \
--cc=linus.walleij@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mmc@vger.kernel.org \
--cc=linux-nvme@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=maxim.uvarov@linaro.org \
--cc=ruchika.gupta@linaro.org \
--cc=sumit.garg@linaro.org \
--cc=tomas.winkler@intel.com \
--cc=ulf.hansson@linaro.org \
--cc=yang.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).