To follow-up to my original question, here's a pointer to an email
'interview' with Andrew of NIST clarifying the 'golden master' and some
PKI issues.

http://firmwaresecurity.com/2015/10/13/interview-with-andrew-regenscheid-of-nist/

I was incorrect in thinking that fully open source firmware was needed
for golden images, below.

Thanks.

On 09/09/2015 11:14 AM, Blibbet wrote:
> I have some questions about UEFI and the below excerpts from NIST
> SP-147, from sections 3.1.1 and 3.2.
>
> Is this "gold master image" possible with UEFI? Are any enterprises
> practicing this? What tools are they using? I can't any information on
> any enterprise who does this today.
>
> I currently doubt it is possible with UEFI, given how little information
> -- by UEFI Forum, IBVs, OEMs or IHVs -- is provided to system owners on
> how to backup/restore their BIOS.  At least I can't find any info so far.
>
> Can anyone point me to a case where an organization can "assert greater
> control" or "actively participate in the update process", like below?
>
> Most of the security in these guidelines are based on crypto, yet I've
> yet to find a CRL or OSCP URL by an IBV/OEM/IHV for any of their UEFI
> signed code.
>
> Can anyone point to a case where someone is able to test the security of
> this signed code?
>
> How can "multi-party control" with below PKI if the enterprise can't
> even access the original keys?
>
> I could see the below with UEFI in a fully-open source firmware
> scenerio. But all UEFI IBVs are closed-source, and Intel's FSP is
> closed-source, so I don't see how mainstream UEFI-based systems can be
> used with 147 enterprise guidelines.
>
> If anyone can point to any more info on this, please speak up.
>
> I'm giving a talk to some sysadmins on integrating SP-147 with UEFI
> along with traditional hardware lifecycle models on Thursday... :-)
>
> Thanks,
> Lee
> RSS: http://firmwaresecurity.com
>
> ----snip----
>
> Some organizations may wish to assert greater control over BIOS updates
> in high-security environments. The authenticated update mechanism may be
> designed to permit organizational control over the update process, where
> updates to the BIOS or rollbacks of the BIOS to an earlier version are
> permitted only if the update or rollback has been authorized by the
> organization. For example, specific BIOS images could be authorized by
> an organization by countersigning them with an organization-controlled
> key, which would be verified during the update process.
>
> Provisioning Phase:
> It is crucial that the organization institute a mechanism for
> identifying, inventorying, and tracking the different computer systems
> across the enterprise throughout their life cycle. Identifying and
> monitoring the BIOS image characteristics such as manufacturer name,
> version, or time stamp allows the organization to perform update,
> rollback, and recovery. The organization should maintain a “golden
> master image” for each approved system BIOS, including superseded
> versions, in secure offline storage.
> If the platform has a configurable Root of Trust for Update (RTU), the
> organization needs to maintain a copy of the key store and signature
> verification algorithm. If the RTU is integrated into the system BIOS
> then this guideline is satisfied by maintaining the golden BIOS image.
> If the RTU is not integrated into the system BIOS, the security afforded
> the RTU should be at least as strong as that for the golden BIOS image.
> Most organizations will rely upon the manufacturer as the source for the
> authenticated BIOS. In this case, the organization does not maintain any
> private keys, and the RTU contains only public keys provided by the
> manufacturer. Where the organization prefers to participate actively in
> the BIOS authentication process by countersigning some or all approved
> system BIOS updates, the RTU may contain one or more public keys
> associated with the organization. In this case, the organization must
> securely maintain the corresponding private key so that the next BIOS
> update can be signed. Private keys should be maintained under
> multi-party control to protect against insider attacks. For
> organizational keys, the corresponding public keys must also be
> maintained securely (to ensure authentication of origin).
>
> Operation and Maintenance Phase:
> Where the organization participates actively in the update process, the
> multi-party control process must be executed to retrieve the private key
> from secure storage and generate the digital signature. The BIOS
> installation package should also be signed, and the digital signature
> should be verified before execution. Once the update has executed
> successfully, the configuration baseline should be validated to confirm
> that the computer system is still in compliance with the organization’s
> defined policy.
>
> Disposition Phase:
> Before the computer system is disposed and leaves the organization, the
> organization should remove or destroy any sensitive data from the system
> BIOS. The configuration baseline should be reset to the manufacturer’s
> default profile; in particular, sensitive settings such as passwords
> should be deleted from the system and keys should also be removed from
> the key store. If the system BIOS includes any organization-specific
> customizations then a vendor-provided BIOS image should be installed.
> This phase of the platform life cycle reduces chances for accidental
> data leakage.
>
> ----snip----
>

_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to