Documenting the proposal for TPM 2.0 security in the face of bus interposer attacks

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Wed Nov 21 09:07:06 UTC 2018 

On Wed, Nov 21, 2018 at 03:08:51AM -0500, Rich Persaud wrote:
>    On Nov 21, 2018, at 02:18, Jarkko Sakkinen
>    <jarkko.sakkinen at linux.intel.com> wrote:
> 
>      On Tue, Nov 20, 2018 at 10:42:01PM -0700, Jason Gunthorpe wrote:
> 
>          Why you wouldn't use DMA to spy the RAM?
> 
>        The platform has to use IOMMU to prevent improper DMA access from
> 
>        places like PCI-E slots if you are using measured boot and want to
> 
>        defend against HW tampering.
> 
>      Yes. This is what I wanted to point out. Windows 10 has VBS to
>      achieve something like this.
>      https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs
> 
>        The BIOS has to sequence things so that at least pluggable PCI-E slots
> 
>        cannot do DMA until the IOMMU is enabled.
> 
>      Yep.
> 
>        Honestly not sure if we do this all correctly in Linux, or if BIOS
> 
>        vendors even implemented this level of protection. The BIOS would have
> 
>        to leave the PCI-E root port slots disabled, and configure the ports
> 
>        to reject config TLPs from the hostile PCI-E device, and probably a
> 
>        big bunch of other stuff.. Then Linux would have to enable the IOMMU
> 
>        and then enable the PCI-E ports for operation.
> 
>      Linux should have something like VBS. Like James' proposal it does not
>      solve the puzzle but is one step forward...
> 
>    Qubes OS and OpenXT [1][2] can use Linux, Xen, IOMMU and DRTM for boot
>    integrity and PCI device isolation.  They preceded VBS by several years
>    [3].  Trammell's talk, "Firmware is the new Software" [4] and work on
>    Heads [5][6] is also relevant.
>    Rich
>    1.  https://www.platformsecuritysummit.com/2018/references/#openxt
>    2.  https://www.platformsecuritysummit.com/2018/topic/boot/
>    3.  https://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html
>    4.  https://www.platformsecuritysummit.com/2018/speaker/hudson/
>    5.  https://www.trmm.net/Heads
>    6.  https://puri.sm/posts/the-librem-key-makes-tamper-detection-easy/

Please do not send HTML trashed emails. For more information how to
configure your email client, please refer to:

https://www.kernel.org/doc/Documentation/email-clients.txt

Thank you.

/Jarkko

More information about the Linux-security-module-archive mailing list