Hello everybody, I have been thinking about the risks involved using different kinds of dock or dockingstation.
[I'll recap what I think I found out about the docking situation, skip if you know how docks, usb type c and DMA works] Most business notebooks have proprietary docking connectors, like the traditional connector on the underside of notebooks or the big connector on the sides of some newer, thinner notebooks. These seem to be just "breakout connectors", like routing the signals of an internal usb or display adapter to the outside. Nothing with DMA seems to be on the outer side of the notebook. I checked on a Lenovo machine with an "onelink" connector, and couldn't see any new pci devices. Now more and more notebooks come with a usb type c connector as an universal connector. This by itself only defines the physical conenctor, not the protocol used. There are two kinds: usb 3 and thunderbolt. Both protocols allow alternate modes, where some pins of the cable are used for power, video or other signals. The first case, with usb 3, could be a monitor which connects to the notebook with that one usb type c cable, receives usb & video & audio from the notebok and charges it simultaneously. With thunderbolt all of this is possible too, in addition you have two pcie lanes. With this, you could theoretically connect any device, including desktop grafic adapters for example. Also, pcie has DMA, direct memory access, where a device can "physically" read and write the entire memory, on a level below regular operating system or cpu intervention. This, if course, is a huge and nasty security risk. Attacks via DMA were demonstrated via firewire for example, where a firewire device plugs in, reads the memory, and extracts encryption passwords right away. Potentially completely unnoticed too. Thank you, invisible things lab, for your spearhead work on this topic. [/recap] Regular dockingstations don't seem to be a huge security problem, besides the old "I trust my usb-vm with all keystrokes". Any pcie or other DMA bus reachable from outside has huge security problems though. - Can DMA be tamed completely? Wikipedia [1] suggests IOMMU can limit DMA. As I understand it, Qubes currently does not protect against a malicious DMA device? - Can an entire PCI bridge, which has thunderbolt or an express card or any other DMA connector-to-the-outside be assigned to a VM, even with no device connected yet? At least 2012 it didn't seem possible [2] at all. More recently, trials with thunderbolt were done [3]. As I read it, thunderbolt itself works, USB makes more problems with assigning. DMA wasn't scope on that thread. - Can PCI bridges be deactivated/reactivated on-the-fly? Like, asking for confirmation when a device is connected, or deactivating the bridge when the screen is locked? - It seems like (thunderbolt) dockingstations with ethernet will all connect it via usb. So I would have to trust my usb-vm with both my unencrypted keystrokes and "physical" network traffic. In worst case all on the same usb hub too. Can such a machine be reasonably secure at all? - Is thunderbolt a complete no-go from a security perspective? - Are we preparing for a world where most new notebooks only have a usb type c conector, and maybe one, two other ports? Stickstoff [1] https://en.wikipedia.org/wiki/DMA_attack [2] https://groups.google.com/forum/#!topic/qubes-devel/zkPTk4tjWBM [3] https://groups.google.com/forum/#!topic/qubes-users/uk11tSeu5yU https://groups.google.com/forum/#!topic/qubes-users/xbtacWEVt7g -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4af287fb-cd7c-2e69-18f6-056b8507cdb4%40posteo.de. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
