From: Jakub Kicinski <kuba@kernel.org>
To: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Cc: "Szapar-Mudlaw, Martyna" <martyna.szapar-mudlaw@linux.intel.com>,
<andrew+netdev@lunn.ch>, <netdev@vger.kernel.org>,
<horms@kernel.org>, <jiri@resnulli.us>,
<stephen@networkplumber.org>, <anthony.l.nguyen@intel.com>,
<jacob.e.keller@intel.com>, <intel-wired-lan@lists.osuosl.org>
Subject: Re: [RFC 0/1] Proposal for new devlink command to enforce firmware security
Date: Mon, 16 Dec 2024 07:53:03 -0800 [thread overview]
Message-ID: <20241216075303.7667c1a1@kernel.org> (raw)
In-Reply-To: <30e3c7e7-c621-40b9-844c-d218fb3e9f2c@intel.com>
On Mon, 16 Dec 2024 16:09:12 +0100 Przemek Kitszel wrote:
> > Please point me to relevant standard that supports locking in security
> > revision as an action separate from FW update, and over an insecure
> > channel.
> >
> > If you can't find one, please let's not revisit this conversation.
>
> It's not standard, just the design for our e810 (e82x?) FW, but we could
> achieve the goal in one step, while preserving the opt-out mechanism for
> those unwilling customers. I think that this will allow at least some
> customers to prevent possibility of running a known-to-be-bad FW
> (prior to opening given server to the world).
>
> We could simply add DEVLINK_FLASH_OVERWRITE_MIN_VERSION (*) flag for the
> single-step flash update [1], and do the update AND bump our "minsrev"
> in one step.
> The worst that could happen, is that customer will get some newer
> version of the firmware (but a one released by Intel).
> We preserve the simplicity of one .bin file with that too.
Please explain to me how this will all fit into the existing standards
like SPDM. Please take security seriously.. this is not just another
knob. How will attestation of the fact that someone flipped the knob
work?
A much better workaround would be for you to build multiple FW images
and give customers an image which locks in the min version and one
which doesn't.
prev parent reply other threads:[~2024-12-16 15:53 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-09 13:14 [RFC 0/1] Proposal for new devlink command to enforce firmware security Martyna Szapar-Mudlaw
2024-12-09 13:14 ` [RFC 1/1] devlink: add new devlink lock-firmware command Martyna Szapar-Mudlaw
2024-12-09 23:36 ` [RFC 0/1] Proposal for new devlink command to enforce firmware security Jakub Kicinski
2024-12-11 12:15 ` Szapar-Mudlaw, Martyna
2024-12-11 14:16 ` Andrew Lunn
2024-12-12 2:11 ` Jakub Kicinski
2024-12-16 15:09 ` Przemek Kitszel
2024-12-16 15:53 ` Jakub Kicinski [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241216075303.7667c1a1@kernel.org \
--to=kuba@kernel.org \
--cc=andrew+netdev@lunn.ch \
--cc=anthony.l.nguyen@intel.com \
--cc=horms@kernel.org \
--cc=intel-wired-lan@lists.osuosl.org \
--cc=jacob.e.keller@intel.com \
--cc=jiri@resnulli.us \
--cc=martyna.szapar-mudlaw@linux.intel.com \
--cc=netdev@vger.kernel.org \
--cc=przemyslaw.kitszel@intel.com \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).