[coreboot] Re: Locking coreboot against internal flashing

2019-02-26 Thread Frank Beuth 

On Mon, Feb 25, 2019 at 03:42:41PM -0500, taii...@gmx.com wrote:

I'm reasonably sure that this is not true and security-conscious users
can disable internal flashing, but I haven't been able to find any
mention of such a setting in the documentation.


Isn't it possible to set the flash chip write lock bit on the flash chip
so things can't be flashed internally the same way intel blocks one from
re-writing the ME region internally?


That sounds like what I was asking about.
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-25 Thread taii...@gmx.com 
On 02/16/2019 07:31 AM, Frank Beuth wrote:
> On Thu, Feb 14, 2019 at 12:21:36PM -0500, Matt B wrote:
>> For Coreboot afaik the only two methods available are to flash with a
>> programmer or to flash internally from linux with iomem=relaxed.
> 
> On another mailing list, someone commented "I would never use Coreboot,
> because it would let malware flash your bios from within Linux."
> (paraphrased)

Those people are silly then, since a propriatary BIOS doesn't prevent
that either. They also think that if something isn't absolutely perfect
that one should not bother which is absurd.

The ones that prompt for BIOS passwords or w/e are just doing it to be
polite they have no software-enforced firmware update signing mechanisms
- now of course ones that do enforce it (but via hardware) always
include external flashes too making them not owner controlled and thus evil.

> 
> I'm reasonably sure that this is not true and security-conscious users
> can disable internal flashing, but I haven't been able to find any
> mention of such a setting in the documentation.

Isn't it possible to set the flash chip write lock bit on the flash chip
so things can't be flashed internally the same way intel blocks one from
re-writing the ME region internally?
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-22 Thread Matt B 
Would it make the most sense to put locking option in coreboot's
board-specific code, since the method varies between boards? Could a common
ACPI call for it be provided that could be called by a payload or OS later
if it's present?

-Matt


On Sun, Feb 17, 2019 at 8:48 PM Frank Beuth  wrote:

> On Sun, Feb 17, 2019 at 12:24:38PM +0100, Nico Huber wrote:
> >I'm not sure if I quite follow. You mean the locking that prevents you
> >from installing a retrofitted coreboot? That's not a lock that prevents
> >malware from anything (because of existing exploits). There are ways to
> >install coreboot on such systems without external programmer. It's just
> >sometimes a very uncomfortable, hacky way and if it fails you'll need an
> >external programmer anyway. But nothing is too uncomfortable for crimi-
> >nals. They just have to figure it out once and then profit per every-
> >body's unit (not just there own unit).
>
> I see, this explains a lot and goes a long way to resolving the original
> issue
> ("installing Coreboot makes me less secure because it enables software
> reflashing").
>
> > [Coreboot] offers only
> >locking options that make sense in certain use cases.
>
> Most of the locking options that have been discussed in this thread so far
> are
> rather hacky (often requiring writing new code) and not part of any
> Coreboot or related (e.g SeaBIOS) software package.
>
> For Coreboot and related packages, you previously mentioned
> LOCK_SPI_FLASH_RO
> and some unspecified locking options in the FILO payload. Are there any
> others?
> ___
> coreboot mailing list -- coreboot@coreboot.org
> To unsubscribe send an email to coreboot-le...@coreboot.org
>
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-17 Thread Frank Beuth 

On Sun, Feb 17, 2019 at 12:24:38PM +0100, Nico Huber wrote:

I'm not sure if I quite follow. You mean the locking that prevents you
from installing a retrofitted coreboot? That's not a lock that prevents
malware from anything (because of existing exploits). There are ways to
install coreboot on such systems without external programmer. It's just
sometimes a very uncomfortable, hacky way and if it fails you'll need an
external programmer anyway. But nothing is too uncomfortable for crimi-
nals. They just have to figure it out once and then profit per every-
body's unit (not just there own unit).


I see, this explains a lot and goes a long way to resolving the original issue 
("installing Coreboot makes me less secure because it enables software 
reflashing").



[Coreboot] offers only
locking options that make sense in certain use cases.


Most of the locking options that have been discussed in this thread so far are 
rather hacky (often requiring writing new code) and not part of any 
Coreboot or related (e.g SeaBIOS) software package.


For Coreboot and related packages, you previously mentioned LOCK_SPI_FLASH_RO 
and some unspecified locking options in the FILO payload. Are there any others?

___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-17 Thread Prasun Gera 
>
> Again, you seem to imply a retrofitted coreboot. If you can tell me any
> model with a firmware lock in particular, I can try to compare it to the
> coreboot situation for that model.
>

I think the most common retrofitted coreboot solution that people use is
for older thinkpads. So it seems reasonable to provide some additional
guidance for people attempting that in the official documentation. The
threat model in baseline is that even if the OS is compromised, it cannot
write to the bios. The vendor's signing keys are considered trusted in this
model, exploits notwithstanding. i.e., You can get to a clean slate by
wiping your hard drive. So with that it mind, it may be useful to help
people achieve a similar goal. In general, the landscape of different
security measures such as vboot, heads etc. is hard to grasp for lay
people. It is not immediately obvious how to use them, or specifically how
they differ in threat models, whether they allow subsequent flashing
without using an external programmer if the hardware doesn't have dedicated
hardware like chromebooks, whether it is possible to have a clean
trusted/airgapped machine for just building and signing coreboot builds
which would be the only trusted builds by your target devices, etc.
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-17 Thread persmule 
在 2019/2/17 下午5:02, Nico Huber 写道:
> When you are sure that you want a lock, you still have to decide what
> kind of lock. And that depends on what you actually want to protect
> against (e.g. online attack by a compromised OS) and how much flexi-
> bility you are willing to sacrifice (e.g. online firmware updates).

Nico is right, and I personally like locks that can and should be
unlocked with physical access during boot via some sort of
authentication, so they are usually performed by payloads with
authentication and programming capabilities.

You can see some boot-time-unlockable lock schemes here:
https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/hardened_boot/grub-for-coreboot.md#update-for-coreboot-after-commit-2ac149d294af795710eb4bb20f093e9920604abd
, performed by a grub payload.

https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/hardened_boot/heads-atop-coreboot.md#update-3
, performed by a modified heads payload.


___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-17 Thread Nico Huber 
On 17.02.19 11:12, Frank Beuth wrote:
> On Sun, Feb 17, 2019 at 10:02:42AM +0100, Nico Huber wrote:
>> What, why? Did you just say "SeaBIOS" because I said "sometimes ...
>> payload"?
>>
>> SeaBIOS is a very generic payload, trying not to be board specific. And
>> I just said it depends on the hardware. Also, all generic, one-fits-all-
>> scenarios solutions for flash locking that I've heard about failed (ex-
>> ploits, exploits, exploits).
> 
> SeaBIOS being the most commonly used one, and you seemed to imply
> locking should/must be done by the payload.

Well, I didn't mean to imply that. That's why I highlighted "sometimes"
above. "sometimes" / "always" there is a difference, you see? What I
tried to express is that how and where a lock has to be implemented
depends on your complete firmware and not just coreboot. So locking
*may* involve the payload.

Whether or not depends on your threat model, what you want to protect
from and what you still want to allow (e.g. firmware updates).

You don't seem to have a threat model. It seems you just want to feel
safe. That's fair enough. But doesn't provide any value in reasoning
about locks.

> 
> It sounds like you are saying the locking which one is used to with
> proprietary/manufacturers' firmwares, the locking which often requires a
> hardware programmer, is possible because those firmwares are board
> specific. And therefore not really possible for an open source firmware
> like Coreboot+$PAYLOAD.

I'm not sure if I quite follow. You mean the locking that prevents you
from installing a retrofitted coreboot? That's not a lock that prevents
malware from anything (because of existing exploits). There are ways to
install coreboot on such systems without external programmer. It's just
sometimes a very uncomfortable, hacky way and if it fails you'll need an
external programmer anyway. But nothing is too uncomfortable for crimi-
nals. They just have to figure it out once and then profit per every-
body's unit (not just there own unit).

> 
>> Before you ask somebody to implement a lock, you should ask yourself
>> why.
> 
> The "why" here is "so that Coreboot is at least as secure as the
> original firmware in this respect."

Again, you seem to imply a retrofitted coreboot. If you can tell me any
model with a firmware lock in particular, I can try to compare it to the
coreboot situation for that model. But these things are hard to compare
anyway. You have a hidden cat-and-mouse game on one side, where you may
believe if the vendor or the criminal is the cat or the mouse as you
wish, and on the other side an open-source solution that you may choose
to trust for its auditability and reproducibility, that doesn't blind
you by pretending to offer general security but instead offers only
locking options that make sense in certain use cases.

Nico
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-17 Thread Frank Beuth 

On Sun, Feb 17, 2019 at 10:02:42AM +0100, Nico Huber wrote:

What, why? Did you just say "SeaBIOS" because I said "sometimes ...
payload"?

SeaBIOS is a very generic payload, trying not to be board specific. And
I just said it depends on the hardware. Also, all generic, one-fits-all-
scenarios solutions for flash locking that I've heard about failed (ex-
ploits, exploits, exploits).


SeaBIOS being the most commonly used one, and you seemed to imply locking 
should/must be done by the payload.


It sounds like you are saying the locking which one is used to with 
proprietary/manufacturers' firmwares, the locking which often requires a 
hardware programmer, is possible because those firmwares are board specific. 
And therefore not really possible for an open source firmware like 
Coreboot+$PAYLOAD.



Before you ask somebody to implement a lock, you should ask yourself
why.


The "why" here is "so that Coreboot is at least as secure as the original 
firmware in this respect."

___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-17 Thread persmule 
在 2019/2/17 下午5:02, Nico Huber 写道:
> When you are sure that you want a lock, you still have to decide what
> kind of lock. And that depends on what you actually want to protect
> against (e.g. online attack by a compromised OS) and how much flexi-
> bility you are willing to sacrifice (e.g. online firmware updates).

Nico is right, and I personally like locks that can and should be
unlocked with physical access during boot via some sort of
authentication, so they are usually performed by payloads with
authentication and programming capabilities.

You can see some boot-time-unlockable lock schemes here:
https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/hardened_boot/grub-for-coreboot.md#update-for-coreboot-after-commit-2ac149d294af795710eb4bb20f093e9920604abd
, performed by a grub payload.

https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/hardened_boot/heads-atop-coreboot.md#update-3
, performed by a modified heads payload.

___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-17 Thread Nico Huber 
On 17.02.19 02:35, Frank Beuth wrote:
> On Sat, Feb 16, 2019 at 06:00:26PM +0100, Nico Huber wrote:
>> Generally, what locking options you have depend much on your hardware.
>> Hence, there is no generic solution in coreboot. Plus, coreboot is more
>> a firmware framework than a firmware. It can only "boot" programs from
>> flash and not your OS from disk. So you need a coreboot "payload" to do
>> the latter and sometimes it's up to that payload to do such locking.
> 
> I see, so this question would be more properly directed at the SeaBIOS
> list?

What, why? Did you just say "SeaBIOS" because I said "sometimes ...
payload"?

SeaBIOS is a very generic payload, trying not to be board specific. And
I just said it depends on the hardware. Also, all generic, one-fits-all-
scenarios solutions for flash locking that I've heard about failed (ex-
ploits, exploits, exploits).

Before you ask somebody to implement a lock, you should ask yourself
why. "Somebody said malware can overwrite x" isn't a good reason. We
allow malware to overwrite our on-disk boot loader, we allow malware
to overwrite our kernel; nobody cares / it depends on the way we use
our software. We are used to rely on some firmware lock because their
vendors gave us no other means to feel secure. But coreboot can give
us other means, because it is no black box. For instance, one can just
reflash coreboot when they feel compromised, like we reinstall our
OS in case.

When you are sure that you want a lock, you still have to decide what
kind of lock. And that depends on what you actually want to protect
against (e.g. online attack by a compromised OS) and how much flexi-
bility you are willing to sacrifice (e.g. online firmware updates).

Nico
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-16 Thread Frank Beuth 

On Sat, Feb 16, 2019 at 06:00:26PM +0100, Nico Huber wrote:

Generally, what locking options you have depend much on your hardware.
Hence, there is no generic solution in coreboot. Plus, coreboot is more
a firmware framework than a firmware. It can only "boot" programs from
flash and not your OS from disk. So you need a coreboot "payload" to do
the latter and sometimes it's up to that payload to do such locking.


I see, so this question would be more properly directed at the SeaBIOS list?



So if somebody tells you that coreboot doesn't have an option to lock
the flash chip, that might actually be true for their combination of
coreboot + payload and hardware.

The only option in coreboot itself that I know is the LOCK_SPI_FLASH_RO
Kconfig. It should be available for all boards that use one of the fol-
lowing Intel PCHs and a directly attached SPI flash:
 o Ibex Peak,
 o Cougar Point,
 o Panther Point,
 o Lynx Point,
 o Lynx Point-LP (integrated into a Haswell SoC).
This can easily be extended to support any newer Intel chipset.

Beside that, I know there are locking options in the FILO payload. And I
suspect HEADS to do something about it, too. Google uses the block pro-
tection of the flash chip on their ChromeBooks/Boxes. They have the WP
pin controllable with a screw/switch/security chip. So if you got one
of these, it would be wise to make use of that.

Nico

___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-16 Thread ron minnich 
On Sat, Feb 16, 2019 at 4:31 AM Frank Beuth  wrote:

> On another mailing list, someone commented "I would never use Coreboot, 
> because
> it would let malware flash your bios from within Linux." (paraphrased)

well, send them here, and we can try to explain the world as it is.

But this particular FUD has been bouncing around for 20 years so I
don't hold much hope out for changing minds.

ron
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-16 Thread Nico Huber 
On 16.02.19 16:08, Frank Beuth wrote:
> On Sat, Feb 16, 2019 at 05:23:40PM +0300, Sergej Ivanov wrote:
>> To make a real write protection on your spi flash you may go two ways
>> after
>> setting region protection and configuration bits in your flash
> 
> Where are the write protection bits for the flash set, in which menu /
> config file? That is my question.

What Sergej suggested would have to be done out of band and not by
coreboot. You can configure your flash chip to protect itself, which
is unlike most firmware does it.

Generally, what locking options you have depend much on your hardware.
Hence, there is no generic solution in coreboot. Plus, coreboot is more
a firmware framework than a firmware. It can only "boot" programs from
flash and not your OS from disk. So you need a coreboot "payload" to do
the latter and sometimes it's up to that payload to do such locking.

So if somebody tells you that coreboot doesn't have an option to lock
the flash chip, that might actually be true for their combination of
coreboot + payload and hardware.

The only option in coreboot itself that I know is the LOCK_SPI_FLASH_RO
Kconfig. It should be available for all boards that use one of the fol-
lowing Intel PCHs and a directly attached SPI flash:
  o Ibex Peak,
  o Cougar Point,
  o Panther Point,
  o Lynx Point,
  o Lynx Point-LP (integrated into a Haswell SoC).
This can easily be extended to support any newer Intel chipset.

Beside that, I know there are locking options in the FILO payload. And I
suspect HEADS to do something about it, too. Google uses the block pro-
tection of the flash chip on their ChromeBooks/Boxes. They have the WP
pin controllable with a screw/switch/security chip. So if you got one
of these, it would be wise to make use of that.

Nico
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-16 Thread Frank Beuth 

On Sat, Feb 16, 2019 at 05:23:40PM +0300, Sergej Ivanov wrote:

To make a real write protection on your spi flash you may go two ways after
setting region protection and configuration bits in your flash


Where are the write protection bits for the flash set, in which menu / config 
file? That is my question.

___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org

[coreboot] Re: Locking coreboot against internal flashing

2019-02-16 Thread Sergej Ivanov 
To make a real write protection on your spi flash you may go two ways after
setting region protection and configuration bits in your flash

1) Write a SMM handler, that will prevent software to set high level on SPI
#WP/WE pin (that can be done it it connected to chipset) absolute
chipset-specific, also possibly this will be a mainboard specific task.

Or

2) After flashing coreboot with setted up protection bits you can
disconnect #WP/WE pin from mainboard and hardwire it to ground.

Second way is a bit simple, but you may lost hibernation/S3 on amd and lost
memory training data on intel FSP based boards.

The final decision is yours.

сб, 16 февр. 2019 г., 15:31 Frank Beuth secli...@boxdan.com:

> On Thu, Feb 14, 2019 at 12:21:36PM -0500, Matt B wrote:
> >For Coreboot afaik the only two methods available are to flash with a
> >programmer or to flash internally from linux with iomem=relaxed.
>
> On another mailing list, someone commented "I would never use Coreboot,
> because
> it would let malware flash your bios from within Linux." (paraphrased)
>
> I'm reasonably sure that this is not true and security-conscious users can
> disable internal flashing, but I haven't been able to find any mention of
> such
> a setting in the documentation.
>
> How can users disable internal flashing?
> ___
> coreboot mailing list -- coreboot@coreboot.org
> To unsubscribe send an email to coreboot-le...@coreboot.org
>
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org