On Mon, Mar 14, 2022 at 11:50:02AM +0100, Peter Bergin wrote: > If a new node connects to the network that is > badly configured or evil with wrong time of day information and this node > manage to become GM the consequence will be that system time is changed on > nodes that have auto sync between PHC->CLOCK_REALTIME. Are there any > settings in phc2sys (or ptp4l) to protect the system from this scenario?
I think the only thing you can do is to completely disable clock steps (-F 0). The attacker can cause the clock to run faster or slower, but not jump by years to the past or future (e.g. to invalidate certificates). This assumes the machine has an RTC and the system can reliably start with the clock close to the current time. > And > in general how should a product designer think around GM trust in an open > network using gPTP, never sync system time from PHC in this case? I guess that depends on what the product is doing beside operating as a gPTP clock. If you need to secure the system clock, you can combine PTP with authenticated NTP (using symmetric keys or NTS) to avoid accepting spoofed time from PTP. In linuxptp there is the timemaster program for that. -- Miroslav Lichvar _______________________________________________ Linuxptp-devel mailing list Linuxptp-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linuxptp-devel
