Re: [CFRG] [EXTERNAL] pq firmware signing question

John Mattsson <john.mattsson@ericsson.com> Mon, 18 March 2024 15:45 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Falko Strenzke <falko.strenzke@mtg.de>, Kris Kwiatkowski <kris@amongbytes.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>, "cfrg@irtf.org" <Cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/A8yRuq5SjiBEBFR2lw4XQZSAHSM>

Stephen Farrell wrote:
>Thanks. Can you provide (ptrs to) more details? Other than for a very tiny range of devices, I don't get why the upgraded device can't change the range of sig algs usable. I'm also surprised that (I guess) the root of trust for the signing key also can't be changed ever.

>What I'm trying to understand is how prevalent such devices might be, and therefore how much to weigh their specific requirements against what's needed for almost all devices that don't have those specific requirements.

Working for a hardware manufacturer, I can confirm that burning trust anchors into hardware is extremely common. You can burn several keys but you cannot change them.

This use is very prevalent. Some requirements that may or may not affect CFRG:


  *   We need ML-DSA and SLH-DSA asap. For many companies this is priority number one, not ML-KEM. ML-KEM can be added in software, and for many systems a malicious firmware update in 20 years is much worse than a quantum computer decrypting information in 20 years. The application data is often encrypted on a higher layer, and early CRQCs (if they ever are built) are expected to be expensive and to target high-value resources. Uploading a fake firmware is typically worth much more for an attacker than decrypting a small amount of metadata (assuming best practice of rekeying with ephemeral-ephemeral ECDH every 1 hour and 1-100 GB is followed). X25519 is extremely fast.

  *   The conservative SLH-DSA is security-wise quite attractive for this use case but the keys are a bit big. My hardware people tell me that they want to keep the amount of burned bytes small. As ML-DSA is in CNSA 2.0 my feeling is that ML-DSA is more commercially available. ML-DSA also has better performance and smaller keys.

  *   The private key in trust anchors is typically used a small number of times. SLH-DSA tuned for much less than 2^64 signatures is a good fit. The signing speed is almost irrelevant. The verification speed is important.

  *   Verifying two signatures, e.g., ML-DSA + EdDSA, makes sense for this use case, but we strongly need ML-DSA standalone if that is required for CNSA 2.0 compliance.

  *   As ML-DSA and ML-KEM rely on SHA-3/Keccak I think it makes sense that all protocols allow KMAC as an option for key derivation. Forcing people to implement both HMAC-SHA-2 and KMAC does not make sense long-term.

Cheers,
John

From: CFRG <cfrg-bounces@irtf.org> on behalf of Falko Strenzke <falko.strenzke@mtg.de>
Date: Tuesday, 19 March 2024 at 00:36
To: Kris Kwiatkowski <kris@amongbytes.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com>, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>, cfrg@irtf.org <Cfrg@irtf.org>
Subject: Re: [CFRG] [EXTERNAL] pq firmware signing question

And this is a (one of the many on the net) summary of NXP's secure boot mechanism, which also burns the trust anchor certificates into the device's memory permanently:

https://variwiki.com/index.php?title=High_Assurance_Boot_MX8&release=RELEASE_DUNFELL_V1.5_VAR-SOM-MX8

NXP i.MX platforms are application processors, meaning they are meant to run operating systems like Linux as the basis for a wide range of industrial and consumer electronics applications.

For the background: permanent trust anchors for firmware update verification are needed to achieve a sufficient level of trust in the device's ability to always perform secure updates, no matter what type of attacker – remote or local – may have previously interfered with the device.

- Falko
On 17.03.24 at 23:12, Kris Kwiatkowski wrote:

On 18 Mar 2024, at 08:00, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

>What I'm trying to understand is how prevalent such devices might be, and therefore how much to weigh their specific requirements against what's needed for almost all devices that don't have those specific requirements.

Quite prevalent - whatever needs secure boot (mobile phones and SmartNICs are two types of devices I personally worked with). The section about secure boot in the ARM documentation is a good place to start:

https://developer.arm.com/documentation/PRD29-GENC-009492/c/TrustZone-Software-Architecture/Booting-a-secure-system/Secure-boot



--

MTG AG
Dr. Falko Strenzke
Executive System Architect
