Re: [CFRG] [EXTERNAL] pq firmware signing question

Michael StJohns <msj@nthpermutation.com> Mon, 18 March 2024 23:27 UTC

Message-ID: <79768a25-d19e-4e30-95d8-2c023cb41907@nthpermutation.com>
Date: Mon, 18 Mar 2024 19:27:00 -0400
To: cfrg@irtf.org
References: <73126498-47c2-4f8a-9425-18a3d9cce22c@cs.tcd.ie> <CH0PR11MB5739FD074FF5337C8E4E3DFB9F2E2@CH0PR11MB5739.namprd11.prod.outlook.com> <CH0PR11MB5444D732D1619268DB3353B8C12E2@CH0PR11MB5444.namprd11.prod.outlook.com> <5e573fc4-3d45-4757-9c3d-efda3c273ed1@cs.tcd.ie> <4C91EA88-46C3-4C9F-866C-2BCB56F08333@amongbytes.com> <799a47e0-b469-4a46-ae1f-42d7b4e7c6ec@mtg.de> <GVXPR07MB967870DE329836FA8A80E321892D2@GVXPR07MB9678.eurprd07.prod.outlook.com>
From: Michael StJohns <msj@nthpermutation.com>
In-Reply-To: <GVXPR07MB967870DE329836FA8A80E321892D2@GVXPR07MB9678.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/H9MwaMYrQzd-yvu3wOTzdlYYWEU>

On 3/18/2024 11:45 AM, John Mattsson wrote:
> Working for a hardware manufacturer, I can confirm that burning trust 
> anchors into hardware is extremely common. You can burn several keys 
> but you cannot change them.

The problem is not so much the keys being burned in, but that the first 
stage bootloader only supports a small set of algorithms. That changes 
slowly over time and I haven't seen any indication that MCUs and MPUs 
coming out in the next 5 years or so will support any PQ based firmware 
validation in the Boot ROM bootloader.

Some devices just (or in addition) use a hash to validate the customer 
provided second stage bootloader which allows you to avoid the 
limitations of the first stage bootloader, but that still begs the 
question of hardware support for PQ safe algorithms so that booting 
doesn't take 10 minutes or so.

Writing a hash of the third stage to secure flash once the signature is 
verified may be an approach, but few (if any) MPUs (e.g. processors with 
memory mapping hardware generally) have anything but a few (< 200) 
bytes of OTP.

Mike
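The boot chain Mike sketches above, as an added worked model (this is not code from the thread or from any vendor; it is a constructed illustration). It assumes a Boot ROM that can only compare a SHA-256 digest against a slot burned at manufacture, a customer-supplied stage 2 that carries the real signature verifier, and an OTP bank of 192 bytes (the "< 200 bytes" case), modelled as six write-once 32-byte slots. A Lamport one-time signature built from SHA-256 stands in for whatever PQ scheme the ROM cannot do, purely so the example needs nothing beyond the standard library; the constants, image layout and key-per-update design are assumptions of this example, not of any real product.

```python
import hashlib
import os

OTP_BYTES = 192              # an MPU with "< 200 bytes" of OTP, as in the thread
SLOT = 32                    # one SHA-256 digest per slot
N_SLOTS = OTP_BYTES // SLOT  # 6: slot 0 = stage-2 digest, slots 1..5 = stage-3 pins
N_UPDATES = N_SLOTS - 1      # lifetime budget of verified stage-3 updates

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class BootError(Exception):
    pass

class OTP:
    """Write-once slots: burned once, never cleared; a non-zero slot is 'used'."""
    def __init__(self):
        self.slots = [bytes(SLOT)] * N_SLOTS

    def burn(self, idx: int, digest: bytes) -> None:
        if self.slots[idx] != bytes(SLOT):
            raise BootError("OTP slot %d already burned" % idx)
        self.slots[idx] = digest

    def pins(self) -> list:          # stage-3 digests burned so far, oldest first
        return [s for s in self.slots[1:] if s != bytes(SLOT)]

# Lamport one-time signatures: a hash-based stand-in for a PQ signature scheme,
# used here only because it needs nothing beyond SHA-256.  One key per update.
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg: bytes) -> list:
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes) -> list:
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))

def pk_digest(pk) -> bytes:
    return H(b"".join(a + b for a, b in pk))

# Stage 1, the Boot ROM: fixed function, hash compare only, no signature support.
def rom_boot(otp: OTP, stage2_image: bytes) -> bytes:
    if H(stage2_image) != otp.slots[0]:
        raise BootError("stage-2 digest does not match OTP")
    return stage2_image

# Stage 2, the customer bootloader.  Its image ends with N_UPDATES public-key
# digests (the trust anchors), so the ROM's hash check covers them too.
def stage2_boot(otp: OTP, stage2_image: bytes, stage3_image: bytes, manifest=None) -> str:
    pins, digest = otp.pins(), H(stage3_image)
    if pins and digest == pins[-1]:          # verified on an earlier boot:
        return "boot stage 3 (pinned)"       # skip the slow signature check
    if digest in pins:
        raise BootError("rollback: image was superseded by a later pin")
    if manifest is None:
        raise BootError("unpinned image without manifest")
    index, pk, sig = manifest
    if index != len(pins):                   # one key, one slot, in order
        raise BootError("manifest index %d != pin count %d" % (index, len(pins)))
    if index >= N_UPDATES:
        raise BootError("OTP budget exhausted: no slot left to pin a new image")
    tail = stage2_image[-N_UPDATES * SLOT:]
    if pk_digest(pk) != tail[index * SLOT:(index + 1) * SLOT]:
        raise BootError("public key does not match anchor %d" % index)
    if not lamport_verify(pk, stage3_image, sig):
        raise BootError("stage-3 signature invalid")
    otp.burn(1 + index, digest)
    return "boot stage 3 (verified, pinned)"

def provision():
    """Constructed factory setup: keys, stage-2 image with anchors, OTP slot 0 burned."""
    keys = [lamport_keygen() for _ in range(N_UPDATES)]
    stage2_image = b"STAGE2-CODE" + b"".join(pk_digest(pk) for _, pk in keys)
    otp = OTP()
    otp.burn(0, H(stage2_image))
    return otp, stage2_image, keys

def outcome(fn, *args) -> str:
    try:
        return fn(*args)
    except BootError as e:
        return "REJECT: %s" % e

def lifecycle() -> list:
    """One device lifetime: tampered stage 2, N_UPDATES+1 updates, a rollback attempt."""
    otp, s2, keys = provision()
    images = [b"firmware v%d" % i for i in range(1, N_UPDATES + 2)]
    log = [outcome(rom_boot, otp, s2 + b"tampered")]
    for i, img in enumerate(images):
        sk, pk = keys[min(i, N_UPDATES - 1)]
        log.append(outcome(stage2_boot, otp, s2, img, (i, pk, lamport_sign(sk, img))))
        log.append(outcome(stage2_boot, otp, s2, img))    # reboot: pinned fast path
    sk0, pk0 = keys[0]
    log.append(outcome(stage2_boot, otp, s2, images[0], (0, pk0, lamport_sign(sk0, images[0]))))
    return log
```

Running `lifecycle()` shows the two points the message makes: the pinned digest lets every reboot after the first skip the signature check, which is what makes a slow verifier tolerable, and the write-once budget means a 192-byte OTP pays for exactly five verified updates before the sixth is refused. The pin list also gives stage 2 a cheap rollback check, since an older image's digest is still visible in an earlier slot; none of this helps with the ROM's fixed algorithm set, which is why the PQ verifier has to live in stage 2 behind the hash anchor.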