1 |
On Fri, Mar 6, 2020 at 3:55 PM Wols Lists <antlists@××××××××××××.uk> wrote: |
2 |
> |
3 |
> On 06/03/20 19:39, Rich Freeman wrote: |
4 |
> > |
5 |
> > They don't detail the effort required. If the firmware is patched it |
6 |
> > sounds like it still requires tinkering with hardware. |
7 |
> |
8 |
> By then it's TOO LATE. The firmware is signed for security, AND LOADED |
9 |
> AT BOOT. But if the boot process is compromised, the attacker simply |
10 |
> doesn't load the patched firmware. |
11 |
|
12 |
The patched firmware executes before any software you boot, assuming |
13 |
your device was patched before the hacker got his hands on it. |
14 |
|
15 |
Obviously if you lost your laptop last week and the hacker has it in |
16 |
their closet, then they're going to be able to attack the unpatched |
17 |
firmware with a software hack. |
18 |
|
19 |
From the descriptions I'm seeing it sounds like the attack against the |
20 |
hardware itself requires physical access to some of the busses. A |
21 |
proper TPM should resist this sort of attack, and that is why this is |
22 |
a vulnerability. However, you can't just stick a USB drive into a |
23 |
computer to hack it if the firmware is patched. |
24 |
|
25 |
> > |
26 |
> > Yes, but keep in mind the signing keys have nothing to do with disk |
27 |
> > encryption. It is for remote attestation. Hence my Netflix comment. |
28 |
> > |
29 |
> Signing keys have EVERYTHING to do with whether you can trust the CPU. |
30 |
> If you can't trust the CPU, then it can simply read the disk encryption |
31 |
> credentials without any reference to whether it SHOULD read them. |
32 |
|
33 |
So, I think you're conflating a few different things here. |
34 |
|
35 |
First, trust is a choice you make. Whether you trust the CPU or not |
36 |
makes no difference in whether somebody else can defeat the embedded |
37 |
TPM. |
38 |
|
39 |
Second, the signing keys we're talking about are keys embedded in the |
40 |
CPU used by the CPU to sign stuff. These keys aren't used for |
41 |
encrypting anything, and they aren't used for decrypting anything. |
42 |
They're also not used to verify firmware/etc. It would make no sense |
43 |
to put the firmware signing key in the CPU - that key would be locked |
44 |
up at the firmware vendor's HQ with the corresponding public key |
45 |
embedded in the CPUs. |
46 |
|
47 |
Don't get me wrong - encryption keys stored in the CPU are compromised |
48 |
by this vulnerability. However, this has nothing to do with the |
49 |
signing keys. |
50 |
|
51 |
I suspect that modifying the firmware might also be possible due to |
52 |
this vulnerability, by replacing the public key in the CPU with a new |
53 |
one that you generated. Again, that has nothing to do with the |
54 |
signing keys on the CPU. |
55 |
|
56 |
The signing keys should just be associated with remote attestation. |
57 |
|
58 |
> And it only takes ONE person to crack that master key ONCE, and |
59 |
> EVERYBODY is up shit creek. |
60 |
|
61 |
No - there isn't any master key stored inside an Intel CPU that can be |
62 |
used to compromise the encryption on other hosts. We're talking about |
63 |
the signing keys used for remote attestation. |
64 |
|
65 |
Again, Netflix and Intel and similar companies are going to be ticked |
66 |
if that master key is leaked, but it won't have any impact on disk |
67 |
encryption. |
68 |
|
69 |
Of course, disk encryption is still compromised by the vulnerability. |
70 |
It just has nothing to do with the master signing keys (which are also |
71 |
model-specific and not completely universal), and hacking any |
72 |
individual device, if patched, will probably still require a |
73 |
hardware-level attack against that specific device. |
74 |
|
75 |
> At the end of the day, it's a "tree of trust". And once the root key is |
76 |
> compromised, you can NOT trust ANY key that was secured by said root |
77 |
> key. |
78 |
|
79 |
Yup. Fortunately the disk encryption keys are unique to each device, |
80 |
and stored in the compromised TPM hardware. They aren't really |
81 |
secured by a root key in any meaningful way. |
82 |
|
83 |
-- |
84 |
Rich |