IETF Logo Mail Archive

Re: [CFRG] [EXTERNAL] pq firmware signing question

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 17 March 2024 21:51 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93D40C14F60D for <cfrg@ietfa.amsl.com>; Sun, 17 Mar 2024 14:51:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.007
X-Spam-Level:
X-Spam-Status: No, score=-2.007 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4ecG3OTvH5bw for <cfrg@ietfa.amsl.com>; Sun, 17 Mar 2024 14:51:21 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2071e.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1a::71e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 174D1C14F5F4 for <Cfrg@irtf.org>; Sun, 17 Mar 2024 14:51:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=H86d8z9FG7DSSj1QI1akpB71V4sLTZzjpaY0EwhRzZpetEISSXDUcfly9isLUyoLiS1BGEgYK1VoITcSGibyPLhln/M805DZTA8TWxsf7lw0iktGI7sFPjvRIoCpi2HIwD1quJWoWlLqOcbxllGDsTb8dKJrO1Ebs1VxsVq7846JPTrSvbN7TbbwffY4YRvSZnTEG9rz/BW+L9PemN+DwbHAx/AbCy/1DF4Uj29q9P+FtyuQm3usYpQSy7eCTQ9vceZQ+EjciJbk3zggRWJt9ZttGTJ5JLELjnQLJXcQRlPtfP/QlPnM+q3lR9dqLQR9FZThEM8LHbXTJVaZGzZ7fg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=c41Nzrh/29Pdk0OZgabbBRB2nDUdic0YrKfT0FgCzSA=; b=JqXXVNG49FskYvUsfI5Cue/GNh+wALiZreCbo+kZLyg4jYc4ogFQE5e6M4sbZFwH0Rdh3/omIiKLv99EjGwtK11b5MQN0E2+3z3RkS3f+A3PUGZ2EsYxmsewIbbZGhDLdy1XGf6nZ7Tb9jce7dRmoQz6JL7M8qWX3QwCVyCT/NRFPf9Yeug0mHd10sJTWNGx7sRZG8WZ8/NPPx8ry2+IAehWI0aeG3Hr1wf9BSLqKYFfxbsQyltyKX0UaxTe5FiYHqfyFNXfVX2KFpcT9TAKnkjOwwIpor+oK97q/p51mzqsNC/rtvVsPfNwh2BcSs8o7ytKVEVvziVayjcLwLmJdA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=c41Nzrh/29Pdk0OZgabbBRB2nDUdic0YrKfT0FgCzSA=; b=JP1acZyDT64CtWbOXNjOPy+mp4UHexMOYt7XmWwRdXCEirPMza7jZw4+q9niUJBpxsaji7hGv6OMqeDGOt/hrHeeX2oOC4A1pDwap9qwQQwAxFoMV+vOMlYDVoNnDqkqrbdM+QC5HRWiQt5KMrx+XTOzewoT3T5WkOeoZLr0hbnUAE8UMvQT7zZs7RbPBcZtRWN8UhebUuZ9DPSCxTdlY/K2c8Pvjps/rKeeAY7X0sLD4uZvGk0WqiNwZRnfIrR9MVoV9jLETdXbc37DHO3mBzc4kQlbhUQMEHlATP1hT05t5WqDYo7/haMi4oq9cJDVLCQBz/OiPbMsVZSk4qTwDA==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by AS4PR02MB8154.eurprd02.prod.outlook.com (2603:10a6:20b:4cc::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.26; Sun, 17 Mar 2024 21:51:14 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::4421:1ca6:59b4:20c9]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::4421:1ca6:59b4:20c9%7]) with mapi id 15.20.7386.025; Sun, 17 Mar 2024 21:51:13 +0000
Message-ID: <6e71bda8-9fab-473e-98e7-6ed559793ced@cs.tcd.ie>
Date: Sun, 17 Mar 2024 21:51:05 +0000
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>, "cfrg@irtf.org" <Cfrg@irtf.org>
References: <73126498-47c2-4f8a-9425-18a3d9cce22c@cs.tcd.ie> <CH0PR11MB5739FD074FF5337C8E4E3DFB9F2E2@CH0PR11MB5739.namprd11.prod.outlook.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; keydata= xjMEY9GzphYJKwYBBAHaRw8BAQdAo6JvjmSbxHdQWPZdvciQYsHhM1NxQBU398Mmimoy4p7N M1N0ZXBoZW4gRmFycmVsbCAoMjU1MTkpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsKQ BBMWCAA4FiEEMG54R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ5Njp+ZeoM93bogEA25ElRyX0wwg+kGEN1AoL60MoZfvQZ/VtmXY6IC5j +csBAIBpkL5ySuzJK2zLNZn9qQGht8IaUcA7cvDcLvS2uHUEzjgEY9GzphIKKwYBBAGXVQEF AQEHQILCPWOwW36e8D3pY8GmvvtItIT+A5uV80ist+WokVsQAwEIB8J4BBgWCAAgFiEEMG54 R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwwACgkQ5Njp+ZeoM92bcAEA8R+8cpqRUIS+SoAN iO05xE6O/wEx8/e88BqzAYki3SoBAOQdwiPX+MQrAxkWD8xxOsdMOAtxYKpkD1n8aPJUw6QJ
In-Reply-To: <CH0PR11MB5739FD074FF5337C8E4E3DFB9F2E2@CH0PR11MB5739.namprd11.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------tb82aiDY0lFBll0BNWSztKEI"
X-ClientProxiedBy: SYCPR01CA0032.ausprd01.prod.outlook.com (2603:10c6:10:e::20) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB7PR02MB5113:EE_|AS4PR02MB8154:EE_
X-MS-Office365-Filtering-Correlation-Id: 947b19fd-097a-4835-18aa-08dc46cc5d2c
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: uBnE+C7CeSu0VyHELnPnQUeMLrCkORR2gH+edYW6qmimUKLs9w7A/LinPPb8YEO+C22ulnTqYRzn0BEwVJLZ4sMktPD0QzZwMkMoIFk6LrGITKtJuIjTED9wNo27L5btLzRcZ8W5XOV2K0bnZZreBdCrKuU51GKRpxGT3RsalXU2mxHrmKxbwbb1clWY+vyTcJVVly5ghoiuPov6AuRCXeRLDrL2R26+7AOZPjRoKP5TNWiUWA+2zC9zWVlUjFrKMwOeN1oZN952kqp3hO5zDcQGZN3WUJUjmiwbTGr2gWhUEC1xIkB+Be32TaQlO71wYsNHskai5A89xMfniVqjsaavemPRtKrFng8RTT6clzk2r5m9Y5qeY4jgs0mS4gb3pb5odk6N+a7HGnNcJ9+z03C1V6EO+q5iHFZywjDh7zhCZxXJsMnFgJtbfR6N0Ev9SGsw/GiU3VH1R5A/AMcfNFxMawn6zzeX5H/Sq9UCUDJNf+rjPD2fl8sJCIlI2ZPMZApxAaVFrqFo8UfUg63G+Y/8SFjWEJUczce2W73e4cCnqwE0EM/Sx2/8zy2pV8hZfP0aOo08CsARa9vj+WmwiCNZhtyprv2UHByUD/far/92ApI76cL0dmQeYQ1UEntAfg5li/byjxxVSOQpAPgtapMg9IBYCEfHRbQMdXzAQQ4=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376005)(1800799015)(366007); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: pRFV7sQbbod9vti3xhYAh+xkletHoS+Nv7DGHCFSl+biRQIF+1xPcIYc186souWU+7PrNG5p3ZqJ1m3qRMcoBd5u5m6JpuEtSyN+v08aT8hS7tvRPYvQ5cG+qgiUTjgw18QcCrEr9m0ZyuUaPCFHsljS0s1exptVXYC9nazhziMY1KHZ56bkZ28Tj9YdZ4ozPMxb0p8EF+FVTvadIW2qp/Ned0w/j3f6P41qVTIgOa29Y8s3aKtEglSoAFSvfGjyOfP2Nrty9wPwa9+h6eJFXCr7AKUahBg3uCYH/Dgsruzp/8Y7k3ex1/6sB79CjXK6fTjZknfmL7YNztznerJ9OJeBfGPRnZpknr7PZIYW8HsygnIQyB4/YT+bbMklk0AHD83mvS7WGMHb7+BQIjtCgQgUjGAvHigsjde1sSbiqtgIlsN4NSyNs5LXeDlf6iPQiRCkHUDc35YxIG+adua27rO6eaYNcituXDuCXzDp3FLmb4JnX2r9oAfXV32KGS6OJ8UO5JH+R61vu2fgtwQVaB3SSnkr6y4IJiBGh8eE4TaTLCFXeBsOfNE83gqEGCo/Q3QxKNcrYpxDAB+dwnp3v+a4MhLx+fhIlxcahpLyggwGyTTPVJvQ6DtGbdZNGMIwknLzTFVUVizYXrC5zYTJrt/1EzTP4y4wygL9FNvHU/yCwix7lMdvzHO5F4B6KcQVpyJN2815r0QXJ0X7XmWr7KoKGiB9WuqNr9FQEGvx2gLFfx1jGcUugKoscVsWdlPq5D/gm/GDT/HZtpBCm7gTBZ5pfL+W2gSqGVjjsY41EJSoWSdvJOrUSpgpV8J+68GpvZWpojvtXJxjDO356KRU2rSjBfI1v8fC26tqx8bAkXidYbAfvcy2NB1UID/VZAM3GlOtA4y8MWje8PsNObM0Q0tXV0zhZ3AcN31brQpoyc5ydUXN4ek4i/968AZht15xN1GQ+mm19zo/4Fcc5FVuhkCArssc+dQZsmy59WXXc2Gw+R77u6BfCcnWuWpeTSnj6AcXph+id3WCky0BZqrN/OSiGE7VWJrgweO+WPgexI47Vbut+jhlVb2W2dSUzY5SnTnNB8xjx+RDUwpuRI+v991sgsVk6dokte9CZ+/vKsTt49jTqWXeQ0JFuAe7vRc+INzEpsVIvoM/BwkU0PUBkDupRqlc42G0G4xVfM6I+Sb8lbR/gfbCLVqGy/2kGmd/RAIVNj5dGlClFPusozoZVZHfuF9/XaSED/Ggs5CBv+o4jq16wmrCDxzOLLlV77fV7ws6VLY4F+D1l5luIdkuVCqrIfKk9aTRAj+mRCskl8yiVGoP8ZJPGjSPVVTJfOOHJi93tgRB6cICaZ9QcTbTnxRT/WHxFQRxz6NaXXLEIiPJYe1skkREb/o4gC8UA1gJqNt7N+hiLi2vd4ImrqmTmdmE6cuxQq5a7RoF4znTJmWkvEqmQCgpSNwbcUdXB1IxrfkfDwvxp0O7351HT4hRFT9m4ghsiueR9rMcoheV+N+XuISqrH72t/9EAlZuB/ol929BAET8GizzEdBi82CQrCCR1+zD+9Ej8V22cfkPHenR6b8kvb/BTk1RkAKe4t4g20wWhbQcJd7fJ/jAtw/J2P2Brvjk4RZWCI5CsPTruyU9d5Q7tzsJM+YbbDNOKWQ1
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 947b19fd-097a-4835-18aa-08dc46cc5d2c
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Mar 2024 21:51:13.3830 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: ue1F6CBtvDO9szL2YybJNE57tZsxL60cIeGY1DsVWJRUYRr7cvXk3c7+C9gkbDMI
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4PR02MB8154
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/f3vwLN3ddgUy9CxnMif4KbB22ro>
Subject: Re: [CFRG] [EXTERNAL] pq firmware signing question
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Mar 2024 21:51:25 -0000


On 17/03/2024 21:45, Mike Ounsworth wrote:
> Stephen.
> 
> Short answer: firmware verification keys burned into ROM or some
> other immutable trust store which is itself outside the memory space
> of the firmware that you can update.

Yep, that's the kind of answer I expected, but some details as
to what and why was more what I was after. You can't of course
update the ROM unless it's an EPROM or similar but it's not clear
(to me:-) that the code that causes that key/alg to be used to
verify new sigs can't be updated.

Cheers,
S.

> 
> I am not myself a hardware manufacturer, but I have been lead to
> believe that this is common practice.
> 
> - Mike Ounsworth ________________________________ From: CFRG
> <cfrg-bounces@irtf.org> on behalf of Stephen Farrell
> <stephen.farrell@cs.tcd.ie> Sent: Monday, March 18, 2024 7:41:33 AM 
> To: cfrg@irtf.org <Cfrg@irtf.org> Subject: [EXTERNAL] [CFRG] pq
> firmware signing question
> 
> 
> Hiya,
> 
> A number of people have asserted that firmware signing implies 
> distributing a public value now, (or soon) on which they may still
> have to rely after a CRQC might exist. The implication being that we
> should start to do this kind of thing now, based on some composite
> sig-alg, verification of which is assumed to be implemented below the
> crypto APIs used by relevant applications.
> 
> I'd like to try tease bits of that apart to better understand what's
> required.
> 
> ISTM that firmware signing entirely does allow one to update the 
> signature keys/algs needed for the next signed firmware update and
> that there is no need, given ongoing updates, to continue to depend
> on the original key/alg for the public value with which a device was 
> shipped. IOW, update N can update anything, including the sig alg
> required for update N+1.
> 
> I don't understand what class of device might be able to load new 
> firmware but not change the verification alg for sigs on subsequent 
> updates. If there are such devices, can someone describe 'em?
> 
> There does seem to be an exception - a factory-reset of a device 
> would imply returning to depending on the original public value and
> alg. However, a factory reset also seems to imply that a human can
> "touch"/control a specific device at a specific point in time so is
> not an unattended upgrade. And if someone can touch the device, then
> in many cases it'd be cheaper to replace the whole thing than do a
> factory reset in the field.
> 
> And then there's the issue of the specific signing key - it's hard to
> imagine a system where that can be changed but the verification alg
> cannot. Are there such systems?
> 
> All in all, it seems like a lot of firmware signing deployments 
> should be able to allow for the evolution of verification algs, and 
> the set of devices where we now (or soon) need to embed a
> forever-fixed alg and key for sig verification has to be very small.
> 
> What am I getting wrong there?
> 
> Ta, S.
> 
> Any email and files/attachments transmitted with it are intended
> solely for the use of the individual or entity to whom they are
> addressed. If this message has been sent to you in error, you must
> not copy, distribute or disclose of the information it contains.
> Please notify Entrust immediately and delete the message from your
> system.
>

v2.23.0 | Report a Bug | By Email