linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Sumit Garg <sumit.garg@linaro.org>
To: Hector Martin <marcan@marcan.st>,
	Linus Walleij <linus.walleij@linaro.org>
Cc: "Arnd Bergmann" <arnd@linaro.org>,
	"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
	"David Howells" <dhowells@redhat.com>,
	"Jarkko Sakkinen" <jarkko@kernel.org>,
	"Joakim Bech" <joakim.bech@linaro.org>,
	"Alex Bennée" <alex.bennee@linaro.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"Maxim Uvarov" <maxim.uvarov@linaro.org>,
	"Ilias Apalodimas" <ilias.apalodimas@linaro.org>,
	"Ruchika Gupta" <ruchika.gupta@linaro.org>,
	"Winkler, Tomas" <tomas.winkler@intel.com>,
	yang.huang@intel.com, bing.zhu@intel.com,
	Matti.Moell@opensynergy.com, hmo@opensynergy.com,
	linux-mmc <linux-mmc@vger.kernel.org>,
	linux-scsi <linux-scsi@vger.kernel.org>,
	linux-nvme@vger.kernel.org,
	"Ulf Hansson" <ulf.hansson@linaro.org>,
	"Arnd Bergmann" <arnd.bergmann@linaro.org>
Subject: Re: [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem
Date: Wed, 10 Mar 2021 10:44:56 +0530	[thread overview]
Message-ID: <CAFA6WYOYmTgguVDwpyjnt3gLssqW48qzAkRD_nyPYg0nNhxT2A@mail.gmail.com> (raw)
In-Reply-To: <6c542548-cc16-af68-c755-df52bd13b209@marcan.st>

On Wed, 10 Mar 2021 at 02:47, Hector Martin <marcan@marcan.st> wrote:
>
> On 09/03/2021 01.20, Linus Walleij wrote:
> > I suppose it would be a bit brutal if the kernel would just go in and
> > appropriate any empty RPMB it finds, but I suspect it is the right way
> > to make use of this facility given that so many of them are just sitting
> > there unused. Noone will run $CUSTOM_UTILITY any more than they
> > run the current RPMB tools in mmc-tools.
>
> AIUI the entire thing relies on a shared key that is programmed once
> into the RPMB device, which is a permanent operation. This key has to be
> secure, usually stored on CPU fuses or derived based on such a root of
> trust. To me it would seem ill-advised to attempt to automate this
> process and have the kernel do a permanent take-over of any RPMBs it
> finds (with what key, for one?) :)
>

Wouldn't it be a good idea to use DT here to represent whether a
particular RPMB is used as a TEE backup or is available for normal
kernel usage?

In case of normal kernel usage, I think the RPMB key can come from
trusted and encrypted keys subsystem.

-Sumit

> For what it's worth, these days I think Apple uses a separate, dedicated
> secure element for replay protected storage, not RPMB. That seems like a
> sane approach, given that obviously Flash storage vendors cannot be
> trusted to write security-critical firmware. But if all you have is
> RPMB, using it is better than nothing.
>
> The main purpose of the RPMB is, as the name implies, replay protection.
> You can do secure storage on any random flash with encryption, and even
> do full authentication with hash trees, but the problem is no matter how
> fancy your scheme is, attackers can always dump all memory and roll your
> device back to the past. This defeats stuff like PIN code attempt
> limits. So it isn't so much for storing crypto keys or such, but rather
> a way to prevent these attacks.
>
> --
> Hector Martin (marcan@marcan.st)
> Public Key: https://mrcn.st/pub

  reply	other threads:[~2021-03-10  5:16 UTC|newest]

Thread overview: 47+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-03 13:54 [RFC PATCH 0/5] RPMB internal and user-space API + WIP virtio-rpmb frontend Alex Bennée
2021-03-03 13:54 ` [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem Alex Bennée
2021-03-03 15:28   ` Ulf Hansson
2021-03-03 19:37     ` Alex Bennée
2021-03-04 20:56   ` Arnd Bergmann
2021-03-05  7:51     ` Joakim Bech
2021-03-05  8:44       ` Arnd Bergmann
2021-03-08 16:20         ` Linus Walleij
2021-03-09 21:09           ` Hector Martin
2021-03-10  5:14             ` Sumit Garg [this message]
2021-03-10  8:47               ` Hector Martin
2021-03-10  9:48                 ` Linus Walleij
2021-03-10 13:52                   ` Hector Martin
2021-03-11  0:36                     ` Linus Walleij
2021-03-11  9:22                       ` Hector Martin
2021-03-11 14:06                         ` Linus Walleij
2021-03-11 20:02                           ` Hector Martin
2021-03-12  9:22                             ` Linus Walleij
2021-03-10 10:29                 ` Sumit Garg
2021-03-11  0:49                   ` Linus Walleij
2021-03-11  1:07                     ` James Bottomley
2021-03-11  9:45                     ` Hector Martin
2021-03-11 14:31                       ` Linus Walleij
2021-03-11 20:29                         ` Hector Martin
2021-03-11 20:57                           ` Alex Bennée
2021-03-12 10:00                             ` Linus Walleij
2021-03-12  9:47                           ` Linus Walleij
2021-03-12 11:59                           ` Sumit Garg
2021-03-12 12:08                             ` Ilias Apalodimas
2021-03-09 17:12         ` David Howells
2021-03-10  4:54           ` Sumit Garg
2021-03-10  9:33           ` Linus Walleij
2021-03-03 13:54 ` [RFC PATCH 2/5] char: rpmb: provide a user space interface Alex Bennée
2021-03-04  7:01   ` Winkler, Tomas
2021-03-04 10:19     ` Alex Bennée
2021-03-04 10:34       ` Winkler, Tomas
2021-03-04 17:52         ` Alex Bennée
2021-03-04 19:54           ` Winkler, Tomas
2021-03-04 21:43             ` Arnd Bergmann
2021-03-05  6:31               ` Winkler, Tomas
2021-03-04 21:08   ` Arnd Bergmann
2021-03-03 13:54 ` [RFC PATCH 3/5] tools rpmb: add RPBM access tool Alex Bennée
2021-03-03 13:54 ` [RFC PATCH 4/5] rpmb: create virtio rpmb frontend driver [WIP] Alex Bennée
2021-03-03 13:55 ` [RFC PATCH 5/5] tools/rpmb: simple test sequence Alex Bennée
2021-03-09 13:27 ` [RFC PATCH 0/5] RPMB internal and user-space API + WIP virtio-rpmb frontend Avri Altman
2021-03-10 14:29   ` Alex Bennée
2021-03-11 13:45     ` Avri Altman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAFA6WYOYmTgguVDwpyjnt3gLssqW48qzAkRD_nyPYg0nNhxT2A@mail.gmail.com \
    --to=sumit.garg@linaro.org \
    --cc=Matti.Moell@opensynergy.com \
    --cc=alex.bennee@linaro.org \
    --cc=arnd.bergmann@linaro.org \
    --cc=arnd@linaro.org \
    --cc=bing.zhu@intel.com \
    --cc=dhowells@redhat.com \
    --cc=hmo@opensynergy.com \
    --cc=ilias.apalodimas@linaro.org \
    --cc=jarkko@kernel.org \
    --cc=joakim.bech@linaro.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linus.walleij@linaro.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mmc@vger.kernel.org \
    --cc=linux-nvme@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    --cc=marcan@marcan.st \
    --cc=maxim.uvarov@linaro.org \
    --cc=ruchika.gupta@linaro.org \
    --cc=tomas.winkler@intel.com \
    --cc=ulf.hansson@linaro.org \
    --cc=yang.huang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).