On Sun, Jun 17, 2012 at 1:34 PM, Sascha Cunz <sascha-ml@×××××××××.org> wrote:
>
> Given the fact that the keys in the BIOS must somehow get there and it must
> also be able to update them (how to revoke or add keys else?).

Based on what I've read the keys are stored in flash. The flash
module itself is protected. There are a number of ways to implement
something like this fairly securely. The simplest is to have an
unprotected area of the flash that the OS can write to. Upon bootup
the firmware looks in this area for a signed message. If the message
is signed by a trusted source, then the firmware interprets it as
instructions to update itself, add/remove keys, or whatever. Then
before booting the OS the firmware sets the protect flag on the
protected area of flash that is only unset by a hardware reset.

The only software exploit against something like this is to find a bug
in the code that inspects the flash (overflow/etc) to trick it into
running an unsigned blob. There are also hardware attacks, like
bypassing flash protection hardware, directly accessing flash, or
controlling what shows up on the data bus when the CPU tries to read
the firmware. Any of these can be made fairly difficult, the extreme
case being how modern gaming consoles work (flash embedded in CPU, and
so on).

>
> Unless this is completely done in hardware, there must be a software doing it.
> Software can - by design - be reverse engineered; in some countries even
> legally without any further agreement or license.

With the scheme above no software need be distributed that contains
any information useful for anything other than a replay attack. The
blob would be signed prior to distribution. You could read the code
that loads it into the flash, but that need not be kept secret. You
can load whatever you want into the flash and it won't matter unless
it is signed.

If the hardware is fancy enough you could even update settings without
having to reboot, and again unless the hardware isn't done right
you're not going to be able to get around it without tapping
busses/etc.

Rich