Uncategorized

Purism replies on CHIPSEC failures, adds TPM add-on, starts Heads work

Re: https://firmwaresecurity.com/2017/11/15/purism-librem15-fails-chipsec-security-tests/

Purism responds to the CHIPSEC failures here:

https://forums.puri.sm/t/user-flashable-coreboot-vs-chipsec-security-test-cases/1918

They also point out in that forum, and here:

https://puri.sm/posts/tpm-addon-for-librem-laptops/

that Purism is getting ready to start using the Heads payload. They've been talking about it for months; maybe it will be a real option for upcoming Librem customers? I'm very excited to see a Heads system offered by an OEM, instead of as a DIY project, which is not an easy task.

And they're adding a TPM as an 'add-on' to existing Librem laptops. Heads needs a TPM for its measurements. (Hmm, I thought TPMs were an integral and tamper-resistant part of the system, and that something you could add on for trust was called a smartcard, but ok. I guess you have to solder the HW to the system. I presume attackers will be ordering spare add-ons so they can swap out units.)
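To make concrete why Heads is useless without a TPM, here is a toy model of what the TPM does for it. This is an added example, not code from Heads, coreboot or Purism: it simulates PCR extend and PCR-bound sealing in Python. The boot-chain component names, their contents and the PCR indices are made up for the demonstration; SHA-1 and 20-byte PCRs mirror the TPM 1.2 parts Heads targeted in 2017, and the "seal" here is only a policy comparison, where a real TPM would also encrypt the blob under a storage root key that never leaves the chip.

```python
"""Why Heads needs a TPM: a toy model of measured boot and PCR sealing.

A TPM Platform Configuration Register cannot be written, only extended:
    PCR <- H(PCR || H(component))
Each boot stage measures the next before handing over control, so the final
PCR values commit to the entire chain, in order.  Heads seals secrets (its
TOTP/HOTP attestation secret, a disk key) to expected PCR values and the TPM
releases them only when the same chain booted.
"""
import hashlib

DIGEST = hashlib.sha1            # TPM 1.2 PCR bank
PCR_SIZE = DIGEST().digest_size  # 20 bytes

# Constructed boot chains (hypothetical): (pcr_index, bytes being measured).
GOOD_CHAIN = [
    (0, b"coreboot bootblock"),
    (0, b"coreboot romstage+ramstage"),
    (2, b"Heads linux+initrd payload"),
    (4, b"/boot/vmlinuz-4.13"),
    (4, b"/boot/initrd.img-4.13"),
]
# Same chain, but an evil maid replaced the kernel on the unencrypted /boot.
TAMPERED_CHAIN = [
    (i, b"/boot/vmlinuz-4.13 (backdoored)" if c == b"/boot/vmlinuz-4.13" else c)
    for i, c in GOOD_CHAIN
]


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM_Extend: one-way and order-sensitive; there is no 'set' operation."""
    return DIGEST(pcr + DIGEST(component).digest()).digest()


def measure_chain(chain):
    """Replay every extend a boot would perform; PCRs are all-zero after reset."""
    pcrs = {}
    for index, component in chain:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), component)
    return pcrs


def policy_digest(pcrs, indices) -> bytes:
    """Composite hash over the selected PCRs (unextended PCRs read as zero)."""
    return DIGEST(b"".join(pcrs.get(i, bytes(PCR_SIZE)) for i in sorted(indices))).digest()


def seal(secret: bytes, pcrs, indices) -> dict:
    """Bind a secret to PCR values.  Stand-in for TPM sealing: the real chip
    also encrypts the blob under its SRK; here the policy check is the gate."""
    return {"indices": sorted(indices),
            "policy": policy_digest(pcrs, indices),
            "secret": secret}


def unseal(blob: dict, pcrs):
    """Return the secret only if the current PCRs match the sealed policy."""
    if policy_digest(pcrs, blob["indices"]) != blob["policy"]:
        return None
    return blob["secret"]


if __name__ == "__main__":
    good = measure_chain(GOOD_CHAIN)
    blob = seal(b"example TOTP seed", good, [0, 2, 4])
    print("clean boot unseals:", unseal(blob, good))
    print("tampered /boot unseals:", unseal(blob, measure_chain(TAMPERED_CHAIN)))
```

Two things the model makes visible: the tampered kernel changes PCR 4, so the unseal fails even though the attacker never touched the firmware; and the same components extended in a different order give different PCRs, which is why the measurement order is part of the policy. This failed unseal is exactly what Heads surfaces to the user as a missing or wrong TOTP code.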

In the above Purism forum, there was this user comment:

“I like the idea of putting a demo Librem notebook to a BlackHat conf where they try to break into the devices. Would be a nice test and a good commercial for you.”

They cannot do that with current Librem models. 🙂 This will need to wait for TPMs to be pre-installed and Heads as the payload.

This reply from the above Purism forum seems a bit contradictory:

“So there’s no way to access a BIOS menu to change the boot sequence (boot from USB) or set a machine password etc?”

“No, there is no such thing. The BIOS boots into your machine in roughly 450 milliseconds, there is no support for a menu, there is no time even for the user to press a key on the keyboard to enter a menu. The idea of coreboot is to do the minimum hardware initialization and then go to a payload. In our case, we use SeaBIOS which itself will initialize the video card and show the splash screen logo, and wait for 2 seconds for you to press ESC to show you the boot menu and let you choose your device (otherwise, it just boots to the default one). The boot choice isn’t saved, it’s just a boot override. If you want to change an option in coreboot, you need to change the config in the source and recompile coreboot then reflash it. If you want to change the boot order, you need to change the boot order in a file embedded in the flash, then reflash the BIOS.”

Yes, there is such a thing: the reply says it does not exist, then a few sentences later explains that it does. The boot menu to change the boot device is available to anyone with physical access to the system who presses the ESC key within 2 seconds of power-on. The unprotected BIOS and MBR-based hard drive can then be quickly overwritten with malware from the attacker's boot thumbdrive. Attendees of 'a BlackHat conf' will have such skills. 🙂

Purism is spending all their time undoing Intel's features — Intel ME, Intel FSP — and now re-embracing older platform features — a TPM. Intel SMM is still an issue, and the STM is not being used by Purism. Intel ME may be disabled, but it is a black-box device; who knows when attackers will start reactivating it and loading their own malware-based version of Minix onto that chip? You're going to need tools to detect whether the ME is really disabled. I hope Purism's roadmap has a RISC-V chip-based laptop in it, so they can stop fighting Intel features and have a fully open stack. If they keep fighting the Intel stack, I hope they add the 'stateless laptop' that Joanna has proposed to their roadmap:

https://blog.invisiblethings.org/2015/12/23/state_harmful.html

It might be useful to add coreboot Verified Boot to help secure their SeaBIOS payload, but that would probably only secure PureOS, and distro hoppers would get no benefit. But I don't think Heads and Verified Boot are compatible? SeaBIOS also has TPM support; it would be nice to see those measurements used, if they are embracing a TPM. And now that they have a TPM, they can start using Intel TXT too. 🙂

I am a little perplexed by Purism's customer audience, which is concerned about privacy and yet shows so little concern for security, in exchange for the convenience of easy distro-hopping. Anyway, if you want security, wait for the TPM and Heads to be integrated into future Librems.

https://trmm.net/Installing_Heads
https://trustedcomputinggroup.org/
https://puri.sm/products/librem-15/

Standard
Uncategorized

more on Infineon TPM issue

The UK gov guidance was also recently updated, so maybe worth a re-read:
https://www.ncsc.gov.uk/guidance/roca-infineon-tpm-and-secure-element-rsa-vulnerability-guidance

https://blog.cr.yp.to/20171105-infineon.html

https://blog.habets.se/2017/10/Is-my-TPM-affected-by-the-Infineon-disaster.html
https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc

https://crocs.fi.muni.cz/public/papers/rsa_ccs17

http://mickitblog.blogspot.com/2017/10/infineon-tpm-vulnerability-report-using.html

http://www.thesccm.com/configmgr-query-infineon-firmware-tpm-microsoft-advisory-adv170012/

https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

Encryption chip flaw afflicts huge number of computers

https://dl.acm.org/citation.cfm?id=3133969
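All of the links above (and those in the later "more on Infineon TPM issue" post) concern ROCA, CVE-2017-15361. The practical question they raise is the one the Habets post asks: is a given key affected? The paper's fingerprint answers it from the public modulus alone. Affected Infineon keys have both primes of the form p = k·M + (65537^a mod M) for a primorial M, so N = p·q satisfies N ≡ 65537^(a+b) (mod M); hence for every small prime t dividing M, N mod t lies in the cyclic subgroup generated by 65537 mod t, which a random modulus fails for at least one t with overwhelming probability. The Python below is an added example, not code from the paper, from the crocs-muni roca-detect tool or from check-srk.cc; it reimplements that fingerprint with the same 38 small primes the public detector uses, and adds a parser for OpenSSH `ssh-rsa` public-key lines so it can be pointed at real keys. `constructed_roca_modulus` builds synthetic inputs with the vulnerable residue structure purely to exercise the test; they are not products of two primes and not real Infineon keys.

```python
"""ROCA (CVE-2017-15361) public-key fingerprint check."""
import base64
import struct

# Small primes of the public fingerprint (the primorial M is their product).
FINGERPRINT_PRIMES = [
    3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73,
    79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157,
    163, 167,
]
GENERATOR = 65537  # the public exponent the affected library uses


def _subgroup(p: int) -> frozenset:
    """All residues 65537^j mod p, i.e. the cyclic subgroup <65537> of Z_p^*."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * GENERATOR) % p
    return frozenset(seen)


# Precomputed once; roca-detect ships these as per-prime bit masks.
ALLOWED = {p: _subgroup(p) for p in FINGERPRINT_PRIMES}


def failing_primes(n: int) -> list:
    """Primes for which n mod p falls outside <65537>: any hit rules ROCA out."""
    return [p for p in FINGERPRINT_PRIMES if n % p not in ALLOWED[p]]


def has_roca_fingerprint(n: int) -> bool:
    """True if n passes every test, i.e. has the structure of an affected key."""
    return not failing_primes(n)


def parse_ssh_rsa(line: str):
    """Extract (e, n) from an OpenSSH 'ssh-rsa AAAA... comment' public key line.
    The blob is a sequence of length-prefixed strings: "ssh-rsa", e, n."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa key line")
    blob = base64.b64decode(fields[1])
    parts, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        parts.append(blob[off:off + length])
        off += length
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    return int.from_bytes(parts[1], "big"), int.from_bytes(parts[2], "big")


def encode_ssh_rsa(e: int, n: int) -> str:
    """Inverse of parse_ssh_rsa; used here only to build constructed test lines."""
    def mpint(v: int) -> bytes:
        b = v.to_bytes((v.bit_length() + 8) // 8, "big")  # keeps sign bit clear
        return struct.pack(">I", len(b)) + b
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()


def constructed_roca_modulus(a: int, k: int) -> int:
    """Constructed test input: N = k*M + 65537^a mod M, which has the affected
    residue structure.  Not a product of two primes, not a real key."""
    m = 1
    for p in FINGERPRINT_PRIMES:
        m *= p
    return k * m + pow(GENERATOR, a, m)


if __name__ == "__main__":
    # Constructed key line with the vulnerable structure (hypothetical key).
    line = encode_ssh_rsa(65537, constructed_roca_modulus(12345, 2**1800 + 7)) + " demo"
    e, n = parse_ssh_rsa(line)
    print("constructed key fingerprinted as ROCA:", has_roca_fingerprint(n))
    print("random-looking modulus fails at primes:", failing_primes(2**2047 + 3)[:3])
```

The check is deliberately conservative: a single prime outside its subgroup clears the key, and the false-positive rate of all 38 tests passing on an honestly generated modulus is negligible. For a TPM, the same test applied to the SRK or EK public modulus is what the linked check-srk tool does; for X.509 or PEM keys, extract the modulus with your usual ASN.1 tooling and pass the integer to `has_roca_fingerprint`.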

Standard
Uncategorized

xen-uefi: Instructions and tools to boot Xen in UEFI mode with TPM measurements of Xen and dom0

Instructions and tools to boot Xen in UEFI mode with TPM measurements of Xen and dom0

This repository contains tools and instructions for installing Xen and dom0 with UEFI/SecureBoot such that all critical components of Xen and the dom0 kernel get SecureBoot verified and measured into the TPM.

https://github.com/tklengyel/xen-uefi

Includes an updated Shim.

Standard
Uncategorized

Linux Security Summit 2017 Summary

James Morris summarized the recent LSS event, excerpts below. For full message, see his original oss-security list posting.

The 2017 Linux Security Summit (LSS) was held on Sept 14th and 15th in Los Angeles, USA. It was co-located with Open Source Summit North America (previously/including LinuxCon) and the Linux Plumbers Conference (LPC). LSS is unique as a security conference as it’s dedicated to Linux and Open Source, and tends to be focused on defensive security engineering. This year we had refereed presentations, Linux kernel security subsystem updates, and BoF topics. There was also a shared day with LPC (on the 13th), where the TPMs and containers microconfs were held. We’re also seeing continued activity in TPMs (v2.0 stack development), integrity/boot verification, hardware-based mitigations, mobile/device, and containers. There are lots of challenges across these areas, and the materials I’ve linked from LSS and LPC are a good place to start if you’re interested in where things are at currently. There was no video this year, unfortunately, and we’ll work on making that happen for next year.

http://events.linuxfoundation.org/events/archive/2017/linux-security-summit
http://events.linuxfoundation.org/events/archive/2017/linux-security-summit/program/schedule
http://events.linuxfoundation.org/events/archive/2017/linux-security-summit/program/slides (in some cases by clicking on the session topics).
http://blog.namei.org/2017/10/02/linux-security-summit-2017-roundup/
http://www.paul-moore.com/blog/d/2017/09/linux-security-summit.html
https://tyhicks.com/2017/09/22/2017-Linux-Security-Summit-Day-1/
https://tyhicks.com/2017/09/25/2017-Linux-Security-Summit-Day-2/
https://etherpad.openstack.org/p/LPC2017_TPM
https://etherpad.openstack.org/p/LPC2017_Containers
http://schd.ws/hosted_files/lss2017/aa/LSS-2017-Kernel-Self-Protection-Project.pdf

Standard
Uncategorized

Insyde Software security updates for Windows 10

Hurray, UEFI vendors focusing on security! 🙂

Insyde® Software Highlights Strategies to Strengthen Firmware Security at the Fall UEFI Plugfest

Company’s Chief Technology Officer to Present at The UEFI Forum Plugfest in Taipei, Taiwan

[…]In related UEFI-security news, Insyde Software announced its full compliance with the latest firmware security updates needed by Microsoft’s upcoming Windows® release. The Windows 10 Fall Creators Update adds new requirements that include improved support for TPMs (Trusted Platform Modules) and new functionality for Secure Boot BIOS update, all of which is fully supported by InsydeH2O® UEFI BIOS.[…]

https://www.insyde.com/press_news/press-releases/insyde%C2%AE-software-highlights-strategies-strengthen-firmware-security-fall

Standard
Uncategorized

more on Infineon TPM issue

https://www.rsa.com/en-us/blog/2017-10/roca-blaming-infineon-is-the-easy-way-out

https://www.ncsc.gov.uk/guidance/roca-infineon-tpm-and-secure-element-rsa-vulnerability-guidance

https://lwn.net/Articles/736736/

https://lkml.org/lkml/2017/10/25/382

https://blog.rapid7.com/2017/10/25/roca-vulnerable-rsa-key-generation/

https://en.wikipedia.org/wiki/ROCA_vulnerability

http://www.cvedetails.com/cve/CVE-2017-15361/
http://www.securityfocus.com/bid/101484
https://www.cvedetails.com/bugtraq-bid/101484/Infineon-RSA-Library-CVE-2017-15361-Cryptographic-Security-B.html

Vulnerability in code library permits attackers to work out private RSA keys

https://answers.microsoft.com/en-us/windows/forum/windows_10-update/windows-10-update-version-1703/f5fa72fe-3d59-45d4-a4c4-eb849774b657?auth=1


Standard