On 06.03.2010 23:57, Stefan Reinauer wrote:
> On 3/6/10 8:28 PM, Carl-Daniel Hailfinger wrote:
>> On 06.03.2010 19:52, ron minnich wrote:
>>> It would be nice, if a flashrom is in there, to also have some sort of
>>> security too I think.
>>>
>>> Something that is not as easily compromised as the stuff that's out
>>> there now, which relies on security through obscurity.
>>>
>>> Is it even possible?
>>
>> Well, I implemented signature checking for coreboot (so that only signed
>> payloads would be executed).
>
> When coresystems developed our first version of hard crypto signature
> checking for firmware in 2007/2008 we explicitly decided to not check
> the payload but only let the payload check further stages. The reason
> was that if you're able to compromise the flash chip, you're able to
> reprogram coreboot just as well as the payload. Also, we didn't
> feel comfortable to duplicate the amount of crypto code in the flash,
> and there is no serious mechanism around that protects only the
> bootblock, at least not on commonly used systems.
>
Indeed.

> So I'm interested to hear your reasons to do this in coreboot itself...
> Is your code publicly available somewhere?

Code:
http://www.mail-archive.com/[email protected]/msg17372.html
Thesis by Rene Reuter:
http://sit.sit.fraunhofer.de/smv/publications/downloads/KonzeptTrustedBoot_Reuter.pdf

Reasons:
Basically, I did it for fun, and because Rene was stuck trying to
include OpenSSL in coreboot. I simply coded up a working alternative.
And yes, I agree that checking the payload is pointless if flash
protection is either full-on (not needed) or full-off (attacker can
modify coreboot itself). The only halfway reasonable use case would be
if coreboot is in a write protected part of the flash chip and the
payload is in an unprotected part of the flash chip.

Regards,
Carl-Daniel

--
"I do consider assignment statements and pointer variables to be among
computer science's most valuable treasures."
-- Donald E. Knuth

--
coreboot mailing list: [email protected]
http://www.coreboot.org/mailman/listinfo/coreboot

