IETF Logo Mail Archive

Re: [CFRG] [EXTERNAL] pq firmware signing question

Mike Ounsworth <Mike.Ounsworth@entrust.com> Sun, 17 March 2024 21:45 UTC

Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 563C5C14F60D for <cfrg@ietfa.amsl.com>; Sun, 17 Mar 2024 14:45:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J-TzB5vbKko3 for <cfrg@ietfa.amsl.com>; Sun, 17 Mar 2024 14:45:55 -0700 (PDT)
Received: from mx08-0015a003.pphosted.com (mx08-0015a003.pphosted.com [185.183.30.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14CFDC14F605 for <Cfrg@irtf.org>; Sun, 17 Mar 2024 14:45:54 -0700 (PDT)
Received: from pps.filterd (m0242863.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42HDJsix027842; Sun, 17 Mar 2024 16:45:51 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h= from:to:subject:date:message-id:references:in-reply-to :content-type:mime-version; s=mail1; bh=HSGsSLBFt1JnvNsI5OQGlWH5 idTXDDptqqr0VTcNc2I=; b=OEDdbuNHHsBp8sJlz8RMcY+ceSDh/cPHQMbKrzwy im2L0sOzdDeh3xnUng6ClnS/Nhh5GZCVURZBzDT39+lesKKQ9Jg+TF0Gt1T+8YIW GttU0F8uXFWlP+auGM5J50+5l5j+n6Fed0wCWRRkcdexWOiQTGfmq0WxYKTL5SMh BOioR/3jb0OUL0Wv1n5iXNsf0zUbCU+dx6KAU+viLHYHgduYo1l/5UuxrXRWza5B a4jxZRleMMnyR25E/qdzvb1m+tC798WsuQA5TcsuJiyiTxiFikZtkB/FSl8e+fKm F2FRSMwaDf/7C0bvxByd/RbxWqETbLKq0FY4uz87TB8eiQ==
Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2101.outbound.protection.outlook.com [104.47.58.101]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3ww6dm77b3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 17 Mar 2024 16:45:51 -0500 (CDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lRbTdPFkdOZUn5INiZGbnwSJeChhbAuIO74wgRrTV7i7uJj7NTjU8t+qgqSp8g0Z0Zic8CgC7oOfq2qSX9Qw64V/oxgXRz1WU5fBANBLlzUfTU8vZ0bHeWbDaSf//llj0Gl15+2VdMueGop1x6Opf7FRCrRLcvgFcLncmAi5aHRwNuSkef5hVHo0KNmOBdJiNs1gs+0IpNdgI80Yydbr7tDXdOa4eUQ3G8MCZDBwKO4KBkVSnROYoOaHEgkM2Exu3JiCy+vtrzmCXwP/lJQbh8tewjUNitYdLdgqFrUSXZ1zvVqZDEBqbK4joLuGkpHoSI1H8JVNEKnDiViOpfyDgA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HSGsSLBFt1JnvNsI5OQGlWH5idTXDDptqqr0VTcNc2I=; b=JD2Ec+iv5VIH+8R7XatOLWaPyF2IHXjQI0Kay5TAvHuGA7As74fFGXl5StwYSDn2N82qMQYgHumP89T2Dbdw1qJWT7MCSyJbQtNedgqPYxQLDJ1HADwQWY/uCtWADJ8NPZN8a2TbO/nrkvJuinkKE7OQZpEnq95FdJcs+2T5jp72ueOuULAsNPrQN/B9WBcPqc71ETYWmmnKNdTQfPhplY5WIH6QCngn+SJCrpffjPlduZ29jNHEJEFpuYKemiyRxmmwLUzHkt5hMus81MWM2U36EawCoECVgx6FzhxIc8q9jKbN8CIhSoJTjawCwFfakNm/Ub9phRHbMKDepDLkjA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by DM4PR11MB6309.namprd11.prod.outlook.com (2603:10b6:8:a8::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.11; Sun, 17 Mar 2024 21:45:46 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::e3f0:78e1:48fc:8a03]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::e3f0:78e1:48fc:8a03%3]) with mapi id 15.20.7409.010; Sun, 17 Mar 2024 21:45:46 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "cfrg@irtf.org" <Cfrg@irtf.org>
Thread-Topic: [EXTERNAL] [CFRG] pq firmware signing question
Thread-Index: AQHaeLQBaKztM3vOOk2rRW7g6Y2uZbE8dxYr
Date: Sun, 17 Mar 2024 21:45:46 +0000
Message-ID: <CH0PR11MB5739FD074FF5337C8E4E3DFB9F2E2@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <73126498-47c2-4f8a-9425-18a3d9cce22c@cs.tcd.ie>
In-Reply-To: <73126498-47c2-4f8a-9425-18a3d9cce22c@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5739:EE_|DM4PR11MB6309:EE_
x-ms-office365-filtering-correlation-id: 95d85ab0-c5e1-42b4-ee42-08dc46cb9a67
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: YJ/zgY9ApsSaqg+L0fpd9GxJJm/5KqraGy5YwgAexK6CFKMrPUO1CYnHgRxD+CgtLhrtyKUuzOlF+s87kXyx1bxEfX7yzG+PKsD60UX8ZFQxaCm9AramVZN9iBN5SicSwWy6KIavuKjdN2kAoMYPJR2lYmZbKURoPfcf6iJgdCp7AygiyfCyx3yFPGXTapw+s2TVCcx/hNRScZeWwCB5pk+HNb4ZmGxhT+poRsQiVYEZvyZUvg5bzH2akktiVX1Hj9Jk6hcVz4RlWj2TNCwepD1sMDNzQafK+XeVTVeZdzT5IXHx2M/XTK7j16KqM6updTCFQGzFd69Zth0uJI1qtQrIBFz5ZPZS9702mmMwavsQxL89JOkS3G5nqWDbFIw1y+1dLGWVUxwWbAZiojfVHpaIxY6Bqw2CN3v4XSh6VMl6j9ElfgOu3ZYOTgHKpqXeUWBnyiLtSh2sq+1qZSn9Y4nknSbnlP84wXxXtGurX6QpG+xcE628F/3L4MID6dyS32iuribhOhZT2lkDXjKPvlyyLvyJN2tSd468JQld93YIB4r+M+nfMiiUSnP9k0v6tETbOpA2c73OGzV2MDwshmF17OFxqAS1DEpKOtihEsaR/5UYpc/svS34jFqu4WpV54dkNONR6lNd9dkyY1CdcUQXpYBSkj0lIUtZ9hnNw0F8WOwmVpf/8jbNLMl+m1be5qxudC85NMnVHgPTm6eGPiArqmS2fWwqU17pUNulHps=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5739.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376005)(366007)(1800799015)(38070700009); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: yhIB1ougIOo8REbZPl8RaeRsFyMkLxVbhdNHQtAE3bVPY/YpuB9QDpg5O4fmNoWv0ijVLXaP6KemLKu3/rKS7qtUlGn9PbHf3WY4oAtNPdACyzvusGZlxA7X30ykiBmSRWlVW1Lz5Ck1D/OXib+tpTYSV+i4kQt5zBScs6lws3GapZOiu7ecpjVy4XO5h0oN3Og8Pv2DKD+LoHakJQrwGAlIBQaA+KacUqAoHj1LyK5q8yMwsNo2qXCpAX0fLdAYL22rXA3/R2ccP3qcMaRg1dHmRG2x8o6/wVO0n9GZgcBFroppjTCf1O9H4d1AfHaPq8V3SgGMyPxHIuNYG1ANRWyFNM4c4znJJpk3bSrW9T+J0sXyG1kjpgjVnVX/kPctFc7HJaR+lyX8+mrEUjgbF3ypVbBPVrkMLC+9k9vQwGEAQn2j4x5d30cH9Otx/4ejgD8qp+vpFfVOewCmzr++tlKlH8AJjAePuCHLuec4l6LgB6ecLyDIdHnZiOmvkJoUUjC4+JLnjODTZwG1+y6gp9ncc5Uj55yUynpXvlehyammOasjbs8q/F1776A2PAnIBnqI0u2wVRc5Wagg+qVTH0KQxhtc7kRjcd6/UKn2/0LYVA9m+9wPZdb/kpYEM9lVkEWykqasT/9meRbXO6qjXKS0YZ5C0BkYf0BgHRxyhiwdklS2jW8f4xH4UFwtmLHyH919NZTI+0v+nGCd8z9aq1xDX9aZBhNgcStPx5J1gzGmHRRAEFbrgxBNzanczE/eMEPajW+S20nZ0z/tGN18ud3X5VDmnIdQl8hcZA+iWg8kFqzKHV62cEc5U2LnPa5OrBQTKlvs1MwrzpI83nHmtG2bLAkIsTm08kEXIvGYwGRfGybho+e5rqjjLRNlPu1S/ii1YPNrvxzgPakcW5JRSUBSRlS6R5UjIpFmg+m8yOKu0bIjwpy3aJzzwx6REhDJbmGJ+nlfzCepOqmltSYszTzZrwGmbjOkMiuwu2MV3zeC9TWDSupwoOaHbK7zL+MILR+iqDdMNz55YSA2QmagW9BIqz7Q9Z+nKutaXqPXhDkVf//MFCJ9FrjfELVX0dxMCIbLdr00h43clk8ZC7TIu5T/LT0/JZ8y2f3PC1r6zmPS3mzfRe+k7o7gKaIjcR72/87KQKtpFBxoifqDqoiM7s3at33kgBlynz4xYoTlj3iMv40BE3tfz7/3MdnpIB7OSn5VbXjQFQjyIrsvydMDqTQR1FAkG/iSmIROG9xk3yEeo9qJnUuuMXrQpKN0kYnIJ71XOO8OnWE62Ri3eiV6b9mE0t9L0DER5oklEGRuOLrDa0K018250CmDvk+rUOTwQyrJSq7YaSAt76569iXgEgLSxfg03X+Ea8U2aVbO2trSbTitRUANQ0WgrtbME/ikO00lHdsbbHJH+zx33YY///361gRX79UuBZWsFv7GQiTm0I50Q4Xzy28fJpBQfhNUwlLx+ICHIfWkAkEbYh/2sTI/2vzO78tSBxIAfRdcafuqzYVbt/IQKGsAk77KHJtLMx6R3Y3iL8XQ5EPARqY654FfpGJWYcGdwLR11cys566sUw1+JsPqC9J+pfUsUjJ8C+ukuGMm+xZ8Pe2+x8bXExlSjTUhoK40D1q/93WlMvA=
Content-Type: multipart/alternative; boundary="_000_CH0PR11MB5739FD074FF5337C8E4E3DFB9F2E2CH0PR11MB5739namp_"
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 95d85ab0-c5e1-42b4-ee42-08dc46cb9a67
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Mar 2024 21:45:46.2559 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: /OTBG4onQylIBnSVPEAL380OnZaYAsy9RYkCrl78wBw8kv/5A5bs1iww4u0aoT5MO5roT+IkNXraEjZt5113N/OTUj8T/bzF92LO3VIjbvc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB6309
X-Proofpoint-ORIG-GUID: aeHKsear7qfUvOVAXFla9epkxN6DgL6f
X-Proofpoint-GUID: aeHKsear7qfUvOVAXFla9epkxN6DgL6f
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-17_12,2024-03-15_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 mlxlogscore=999 adultscore=0 clxscore=1011 impostorscore=0 suspectscore=0 priorityscore=1501 lowpriorityscore=0 bulkscore=0 malwarescore=0 spamscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2403140001 definitions=main-2403170169
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/-Ty6y4vXHUXl0eVMrpBgS-nujCs>
Subject: Re: [CFRG] [EXTERNAL] pq firmware signing question
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Mar 2024 21:45:59 -0000

Stephen.

Short answer: firmware verification keys burned into ROM or some other immutable trust store which is itself outside the memory space of the firmware that you can update.

I am not myself a hardware manufacturer, but I have been lead to believe that this is common practice.

- Mike Ounsworth
________________________________
From: CFRG <cfrg-bounces@irtf.org> on behalf of Stephen Farrell <stephen.farrell@cs.tcd.ie>
Sent: Monday, March 18, 2024 7:41:33 AM
To: cfrg@irtf.org <Cfrg@irtf.org>
Subject: [EXTERNAL] [CFRG] pq firmware signing question


Hiya,

A number of people have asserted that firmware signing implies
distributing a public value now, (or soon) on which they may
still have to rely after a CRQC might exist. The implication being
that we should start to do this kind of thing now, based on some
composite sig-alg, verification of which is assumed to be implemented
below the crypto APIs used by relevant applications.

I'd like to try tease bits of that apart to better understand
what's required.

ISTM that firmware signing entirely does allow one to update the
signature keys/algs needed for the next signed firmware update and that
there is no need, given ongoing updates, to continue to depend on
the original key/alg for the public value with which a device was
shipped. IOW, update N can update anything, including the sig
alg required for update N+1.

I don't understand what class of device might be able to load new
firmware but not change the verification alg for sigs on subsequent
updates. If there are such devices, can someone describe 'em?

There does seem to be an exception - a factory-reset of a device
would imply returning to depending on the original public value
and alg. However, a factory reset also seems to imply that a human
can "touch"/control a specific device at a specific point in time
so is not an unattended upgrade. And if someone can touch the
device, then in many cases it'd be cheaper to replace the whole
thing than do a factory reset in the field.

And then there's the issue of the specific signing key - it's hard
to imagine a system where that can be changed but the verification
alg cannot. Are there such systems?

All in all, it seems like a lot of firmware signing deployments
should be able to allow for the evolution of verification algs, and
the set of devices where we now (or soon) need to embed a forever-fixed
alg and key for sig verification has to be very small.

What am I getting wrong there?

Ta,
S.

Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.

v2.23.0 | Report a Bug | By Email