From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Rich Persaud <persaur@gmail.com>
Cc: "Jason Gunthorpe" <jgg@ziepe.ca>,
"James Bottomley" <James.Bottomley@HansenPartnership.com>,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, monty.wiseman@ge.com,
"Monty Wiseman" <montywiseman32@gmail.com>,
"Matthew Garrett" <mjg59@google.com>,
"Trammell Hudson" <hudson@trmm.net>,
"Daniel Smith" <dpsmith@apertussolutions.com>,
"Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
Subject: Re: Documenting the proposal for TPM 2.0 security in the face of bus interposer attacks
Date: Wed, 21 Nov 2018 11:07:06 +0200 [thread overview]
Message-ID: <20181121090706.GA9616@linux.intel.com> (raw)
In-Reply-To: <F10185EF-C618-45DC-B1F3-0053B8FE417F@gmail.com>
On Wed, Nov 21, 2018 at 03:08:51AM -0500, Rich Persaud wrote:
> On Nov 21, 2018, at 02:18, Jarkko Sakkinen
> <jarkko.sakkinen@linux.intel.com> wrote:
>
> On Tue, Nov 20, 2018 at 10:42:01PM -0700, Jason Gunthorpe wrote:
>
> Why you wouldn't use DMA to spy the RAM?
>
> The platform has to use IOMMU to prevent improper DMA access from
>
> places like PCI-E slots if you are using measured boot and want to
>
> defend against HW tampering.
>
> Yes. This is what I wanted to point out. Windows 10 has VBS to
> achieve something like this.
> https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs
>
> The BIOS has to sequence things so that at least pluggable PCI-E slots
>
> cannot do DMA until the IOMMU is enabled.
>
> Yep.
>
> Honestly not sure if we do this all correctly in Linux, or if BIOS
>
> vendors even implemented this level of protection. The BIOS would have
>
> to leave the PCI-E root port slots disabled, and configure the ports
>
> to reject config TLPs from the hostile PCI-E device, and probably a
>
> big bunch of other stuff.. Then Linux would have to enable the IOMMU
>
> and then enable the PCI-E ports for operation.
>
> Linux should have something like VBS. Like James' proposal it does not
> solve the puzzle but is one step forward...
>
> Qubes OS and OpenXT [1][2] can use Linux, Xen, IOMMU and DRTM for boot
> integrity and PCI device isolation. They preceded VBS by several years
> [3]. Trammell's talk, "Firmware is the new Software" [4] and work on
> Heads [5][6] is also relevant.
> Rich
> 1. https://www.platformsecuritysummit.com/2018/references/#openxt
> 2. https://www.platformsecuritysummit.com/2018/topic/boot/
> 3. https://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html
> 4. https://www.platformsecuritysummit.com/2018/speaker/hudson/
> 5. https://www.trmm.net/Heads
> 6. https://puri.sm/posts/the-librem-key-makes-tamper-detection-easy/
Please do not send HTML trashed emails. For more information how to
configure your email client, please refer to:
https://www.kernel.org/doc/Documentation/email-clients.txt
Thank you.
/Jarkko
next prev parent reply other threads:[~2018-11-21 9:07 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-19 17:34 Documenting the proposal for TPM 2.0 security in the face of bus interposer attacks James Bottomley
2018-11-19 20:05 ` Jason Gunthorpe
2018-11-19 20:20 ` James Bottomley
2018-11-19 21:19 ` Jason Gunthorpe
2018-11-19 21:34 ` James Bottomley
2018-11-19 21:44 ` Jason Gunthorpe
2018-11-19 22:36 ` James Bottomley
2018-11-19 23:08 ` Jason Gunthorpe
2018-11-20 0:54 ` James Bottomley
2018-11-20 3:05 ` Jason Gunthorpe
2018-11-20 17:17 ` James Bottomley
2018-11-20 21:33 ` Jason Gunthorpe
2018-11-20 22:34 ` James Bottomley
2018-11-20 23:39 ` Jason Gunthorpe
2018-11-21 2:24 ` EXTERNAL: " Jeremy Boone
2018-11-21 5:16 ` Jason Gunthorpe
2018-11-20 23:52 ` Jarkko Sakkinen
2018-11-20 23:41 ` Jarkko Sakkinen
2018-11-20 11:10 ` Jarkko Sakkinen
2018-11-20 12:41 ` Jarkko Sakkinen
2018-11-20 17:25 ` James Bottomley
2018-11-20 23:13 ` Jarkko Sakkinen
2018-11-20 23:58 ` James Bottomley
2018-11-21 0:33 ` EXTERNAL: " Jeremy Boone
2018-11-21 6:37 ` Jarkko Sakkinen
2018-11-21 5:42 ` Jason Gunthorpe
2018-11-21 7:18 ` Jarkko Sakkinen
[not found] ` <F10185EF-C618-45DC-B1F3-0053B8FE417F@gmail.com>
2018-11-21 9:07 ` Jarkko Sakkinen [this message]
2018-11-21 9:14 ` Jarkko Sakkinen
2018-11-20 17:23 ` James Bottomley
2018-11-20 23:12 ` Jarkko Sakkinen
2018-12-10 16:33 ` Ken Goldman
2018-12-10 17:30 ` James Bottomley
2018-12-11 21:47 ` Ken Goldman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181121090706.GA9616@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=dpsmith@apertussolutions.com \
--cc=hudson@trmm.net \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=marmarek@invisiblethingslab.com \
--cc=mjg59@google.com \
--cc=monty.wiseman@ge.com \
--cc=montywiseman32@gmail.com \
--cc=persaur@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.