From: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
To: "Jan Lübbe" <jlu@pengutronix.de>
Cc: barebox@lists.infradead.org
Subject: Re: [RFC 3/4] FIT: add FIT image support
Date: Fri, 13 Mar 2015 17:08:26 +0100 [thread overview]
Message-ID: <20150313160826.GC24510@ns203013.ovh.net> (raw)
In-Reply-To: <1426261300.13791.192.camel@pengutronix.de>
On 16:41 Fri 13 Mar , Jan Lübbe wrote:
> On Fr, 2015-03-13 at 15:28 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > It's not the job of barebox to define security policies, it must fit
> > > well into the larger security design, which may require compromises.
> >
> > I disagree, disable by default non secure feature is require to pass
> > secure boot certification
>
> Is there a specific certification you are targeting?
yes but can not give details all under NDA, a book of more than 500 pages
for bootloader/linux/kernel & co
>
> How do you intend to handle console access in verified boot mode?
> Allowing access to md/mw would break any security.
it's already mainline for month, check password support
as I put it in production more than 1 years ago
or simple disable input console all time, the code is here
the main problem is not console but env you need to drop RW env support
and use only RO one, except for keyring support where you will a RW env but
not executable and only accesable by crypto API
otherwise you need to use a secured digest such as HMAC/CMAC/OMAC support
to sign the env at runtime and ensure the symetric key is secured
or encrypt it via aes (did this in the past)
==
ww may have to get secured malloac with part where the md/mw and any other
API can not touch only the crypto API
but this will be for later
==
>
> I was thinking about switching off access to the HW AES keys as soon as
> a prompt appears. At least on MX28/MX6 that's possible and important.
Password & defaultenv2
16 characters min password with sha256 min or best sha512 or pbkdf2
I'll send a patch to use the pbkdf2 for password
Best Regards,
J.
>
> Regards,
> Jan
> --
> Pengutronix e.K. | |
> Industrial Linux Solutions | http://www.pengutronix.de/ |
> Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
>
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2015-03-13 16:08 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-12 14:39 [RFC 0/4] FIT Support Jan Luebbe
2015-03-12 14:39 ` [RFC 1/4] digest: Make filename arguments const Jan Luebbe
2015-03-13 7:40 ` Sascha Hauer
2015-03-12 14:39 ` [RFC 2/4] Add rsa support Jan Luebbe
2015-03-12 17:47 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 9:35 ` Jan Lübbe
2015-03-13 9:56 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 10:06 ` Sascha Hauer
2015-03-13 10:12 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 10:22 ` Jan Lübbe
2015-03-13 10:26 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 10:10 ` Jan Lübbe
2015-03-13 10:25 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 10:43 ` Jan Lübbe
2015-03-13 15:49 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:00 ` Jan Lübbe
2015-03-16 10:27 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 11:25 ` Jan Lübbe
2015-03-16 11:33 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 15:42 ` Jan Lübbe
2015-03-17 10:48 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-17 12:09 ` Jan Lübbe
2015-03-17 12:39 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-17 12:57 ` Jan Lübbe
2015-03-12 14:39 ` [RFC 3/4] FIT: add FIT image support Jan Luebbe
2015-03-12 18:19 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 9:28 ` Jan Lübbe
2015-03-13 10:05 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 10:21 ` Jan Lübbe
2015-03-13 14:28 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 15:41 ` Jan Lübbe
2015-03-13 16:08 ` Jean-Christophe PLAGNIOL-VILLARD [this message]
2015-03-16 10:19 ` Jan Lübbe
2015-03-16 11:14 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 12:08 ` Jan Lübbe
2015-03-16 12:19 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 13:28 ` Jan Lübbe
2015-03-16 13:51 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 14:31 ` Jan Lübbe
2015-03-16 14:40 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 14:50 ` Jan Lübbe
2015-03-13 11:33 ` Marc Kleine-Budde
2015-03-13 15:54 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 16:06 ` Marc Kleine-Budde
2015-03-13 17:00 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:04 ` Jan Lübbe
2015-03-16 10:28 ` Jean-Christophe PLAGNIOL-VILLARD
2015-12-29 10:18 ` Yegor Yefremov
2015-03-12 14:39 ` [RFC 4/4] FIT: add test config and data [do not merge] Jan Luebbe
2015-03-12 14:51 ` [RFC] digest: Add enum Jan Luebbe
2015-03-12 17:50 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 9:54 ` Jan Lübbe
2015-03-13 10:10 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-13 18:50 ` Robert Schwebel
2015-11-11 11:39 ` [RFC 0/4] FIT Support Yegor Yefremov
2015-11-13 11:35 ` Antony Pavlov
2015-11-13 12:54 ` Sascha Hauer
2015-12-29 8:10 ` Yegor Yefremov
2016-01-05 8:11 ` Marc Kleine-Budde
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150313160826.GC24510@ns203013.ovh.net \
--to=plagnioj@jcrosoft.com \
--cc=barebox@lists.infradead.org \
--cc=jlu@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox