Difference between revisions of "Security notes / Unsorted"

m
m (What?)
Line 7: Line 7:
  
 
===What?===
 
===What?===
 +
 +
'''What is it?'''
  
 
Trusted Platform Module is part of the [http://en.wikipedia.org/wiki/Trusted_Computing Trusted Computing] design.
 
Trusted Platform Module is part of the [http://en.wikipedia.org/wiki/Trusted_Computing Trusted Computing] design.
Line 12: Line 14:
  
 
The TPM is basically the hardware part of that design.
 
The TPM is basically the hardware part of that design.
 +
  
 
Physically, TPM is often a hardware module that can be plugged into PC motherboards and laptops, and may be built into laptops (fairly common in business laptops).   
 
Physically, TPM is often a hardware module that can be plugged into PC motherboards and laptops, and may be built into laptops (fairly common in business laptops).   
  
One could also be part of a CPU (helps against some physical attacks), but there is some value to keeping it separate (e.g. if the CPU is upgradable).
+
One could also be part of a CPU (helps against some physical attacks), but there is some value to keeping it separate (practical one if the CPU is upgradable, but also, some attacks might be possible if it's part of the same silicon).
  
{{comment|(You could also implement the spec in code, but doing so means you lose the isolated environment, which defeats half the point)}}
+
{{comment|(You ''could'' implement the spec in code, but doing so means you lose the isolated environment, which defeats half the point)}}
  
  
The TPM is a few different things to different people/needs.
 
It e.g. helps store some keys, creates derived keys without revealing the original, does certain crypto.
 
  
 +
'''What does it do?'''
  
It being separate hardware
+
The TPM is a different things to different people/needs.
: makes attack surface much smaller and some attacks much harder to do remotely,
+
  
: makes it harder to steal keys,
 
  
: means there are some cases where you can ''use'' a key it stored without every transporting it out.
+
It e.g.
 +
helps store some keys,
 +
creates derived keys without revealing the original,
 +
does certain crypto.
 +
 
 +
 
 +
It being separate hardware
 +
: makes it harder to steal certain keys
  
: ...and that you can use some keys without having to keep them in RAM
+
: means there are some cases where you can ''use'' a key it stored without every transporting it out.<!--
 +
:: like message signing to prove you have a key, without ever having that key in RAM {{verify}}-->
  
: Keys for some uses can be marked as "never move these out".
+
: Keys for some uses can be marked as "never move these out"
 
:: Some other uses require them to be migratable, though.
 
:: Some other uses require them to be migratable, though.
  
: lets you tie certain keys to the specific TPM
+
: lets you tie certain keys to specific TPM hardware
 
:: which alleviates certain physical attacks.
 
:: which alleviates certain physical attacks.
:: For example, you can force an encrypted drive to only work on the computer you encrypted it on
+
:: For example, you can force an encrypted drive to only work on the computer you encrypted it on (though note that also poses some risk of data loss)
  
 
: you can prevent booting something that wasn't previously approved  
 
: you can prevent booting something that wasn't previously approved  
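Review bot: two wording slips survive in the new column of this hunk. "The TPM is a different things to different people/needs" should read "The TPM is different things to different people/needs", and the carried-over "use a key it stored without every transporting it out" should read "without ever transporting it out". The hidden note that follows it opens its "<!--" on the same line as the visible list item; moving the "<!--" to its own line keeps the list item and the hidden note separate.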
Line 45: Line 53:
  
  
 +
In general, it makes attack surface much smaller and some attacks much harder to do remotely.
  
 +
Though note it can be used badly, and even good use can be overestimated.
  
  
Line 73: Line 83:
 
-->
 
-->
  
 +
====On secure boot====
 
<!--
 
<!--
 
'''Secure boot''' is a funny one.
 
'''Secure boot''' is a funny one.
  
Secure boot ''only'' covers boot, and only as much has the OS integrates with it.
 
It mean malware cannot easily infect the first stages of the bootloader,
 
yet it stops early in what you think of as boot (in "waiting until computer is usable" terms),
 
and it does ''nothing'' to to protect you against malware once booted.
 
  
 +
Secure boot assisten by a TPM is roughly the idea that you can sign early parts of boot code,
 +
in a way that is hard to imitate, and the TPM can check that it was the same code it was before.
  
This may still be enough to e.g. protect against boot based exploits, some physical attacks, such as some that might try to defeat full-drive encryption.
 
  
 +
In other words, your computer will only boot the same code it did before.
  
 +
Without a TPM, there is always a stage where you have to trust the code does what it ''says'' it does.
  
Secure boot is roughly the idea that your system will not boot when it doesn't match something that was signed previously.
 
  
Without a TPM, it comes down to having to trust some code to do what it ''says'' it does.
 
  
That will typically be the bootloader -- but if that's on your hard drive, or even in your BIOS,  
+
'''However''', with TPM assisted secure boot, that point merely comes ''later''.
that's code and data that can be changed.
+
  
The TPM helps in that it can both ''store'' a key and ''check'' according to that key,
+
Secure boot ''only'' covers the first stages of the bootloader.
 +
And yes, that may be great against a specific specific category of early-boot attack (where malware might hide at such a low level that it can hide from the OS that loads on top of it).
  
 +
It's also potentially a good protection against certain physical attacks, such as some that might try to defeat full-drive encryption.
  
-->
 
  
 +
But in itself, that is the only thing it ''could possibly'' protect.
 +
 +
And yes, OSes ''can'' use secure boot to carry that a ''little''' further,
 +
but for very practical reasons, not very far.
 +
 +
By the time that OS logo is animating, we're usually ''way'' past any of this protection.
 +
Put more practically, you can still infect the OS itself, and you're still as screwed s before.
 +
 +
Once you're on your way to showing a desktop, you ''certainly'' are.
 +
 +
(Not least because any code that is updateable is hard to validate with certainty)
 +
 +
-->
  
 
==="Can't detect TPM device"===
 
==="Can't detect TPM device"===
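Review bot: the commented-out secure-boot draft carries several typos that will surface as soon as it is uncommented: "Secure boot assisten by a TPM" (assisted), "to to protect you" (duplicated word), "a specific specific category" (duplicated word), "carry that a ''little''' further" (three apostrophes close a two-apostrophe italic and will break the markup), and "you're still as screwed s before" (as before). The draft also states both "your computer will only boot the same code it did before" and "Secure boot ''only'' covers the first stages of the bootloader"; qualifying the first sentence to the early-boot stages that are actually measured would keep the two consistent.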

Revision as of 16:20, 3 January 2022

Security related stuff.

This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)


TPM


What?

What is it?

Trusted Platform Module is part of the Trusted Computing design.


The TPM is basically the hardware part of that design.


Physically, TPM is often a hardware module that can be plugged into PC motherboards and laptops, and may be built into laptops (fairly common in business laptops).

One could also be part of a CPU (which helps against some physical attacks), but there is some value in keeping it separate: a practical reason if the CPU is upgradable, and also because some attacks might become possible if it shares the same silicon.

(You could implement the spec in code, but doing so means you lose the isolated environment, which defeats half the point)


What does it do?

The TPM is different things to different people and needs.


It e.g. helps store some keys, creates derived keys without revealing the original, does certain crypto.


It being separate hardware:

  makes it harder to steal certain keys
  means there are some cases where you can use a key it stored without ever transporting it out.
  Keys for some uses can be marked as "never move these out"
    Some other uses require them to be migratable, though.
  lets you tie certain keys to specific TPM hardware
    which alleviates certain physical attacks.
    For example, you can force an encrypted drive to only work on the computer you encrypted it on (though note that this also poses some risk of data loss)
  you can prevent booting something that wasn't previously approved
    as protection against malware that alters the boot
    again, with footnotes.


In general, it makes attack surface much smaller and some attacks much harder to do remotely.

Though note it can be used badly, and even good use can be overestimated.
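To make the "tie a key to this hardware and this boot state" idea concrete, here is a small Python model of two mechanisms the notes above describe: a PCR that can only be extended (so the final value records every boot component and its order) and a secret that is sealed to an expected PCR value and to the chip's own root key. It is an added example, not code from this wiki page or from any TPM vendor; the root keys, boot images and disk key are constructed stand-ins, and the HMAC-derived wrapping stands in for the authorization policy plus symmetric encryption a real TPM uses.

```python
import hashlib
import hmac
import secrets

# Added example (not from the wiki page): a toy model of measured boot via PCR
# extension and of sealing a key to a PCR value on a specific chip.
# All keys and boot components below are constructed stand-ins.

PCR_SIZE = 32  # SHA-256 bank


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new_pcr = H(old_pcr || H(component)).

    A PCR can only be extended, never written, so the final value depends on
    every component measured and on the order in which they were measured.
    """
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot_chain(components) -> bytes:
    """Measure firmware, bootloader, kernel, ... into one PCR, starting from zero at reset."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def seal(secret: bytes, expected_pcr: bytes, tpm_root_key: bytes) -> dict:
    """Wrap `secret` so it is released only under `expected_pcr` on this chip.

    `tpm_root_key` stands in for the chip's never-exported root key, which ties
    the blob to this TPM as well as to the measured boot state. A fresh nonce per
    seal keeps the HMAC-derived pad from ever being reused.
    """
    if len(secret) > PCR_SIZE:
        raise ValueError("toy seal handles secrets up to 32 bytes")
    nonce = secrets.token_bytes(16)
    pad = hmac.new(tpm_root_key, b"wrap" + nonce + expected_pcr, hashlib.sha256).digest()
    ciphertext = bytes(s ^ p for s, p in zip(secret, pad))
    tag = hmac.new(tpm_root_key, b"tag" + nonce + expected_pcr + ciphertext,
                   hashlib.sha256).digest()
    return {"nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def unseal(blob: dict, current_pcr: bytes, tpm_root_key: bytes):
    """Return the secret if the policy holds, else None.

    None means the boot chain measured differently (altered, or merely updated,
    boot code) or the blob is being opened on another chip. That is both the
    protection and the data-loss risk the notes mention.
    """
    tag = hmac.new(tpm_root_key, b"tag" + blob["nonce"] + current_pcr + blob["ciphertext"],
                   hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    pad = hmac.new(tpm_root_key, b"wrap" + blob["nonce"] + current_pcr, hashlib.sha256).digest()
    return bytes(c ^ p for c, p in zip(blob["ciphertext"], pad))


def demo():
    """Seal a disk key, then try a good boot, an altered bootloader, and another chip."""
    this_tpm = b"\x11" * 32   # constructed root key of 'this' chip
    other_tpm = b"\x22" * 32  # constructed root key of a second machine
    chain = [b"firmware v1", b"bootloader v1", b"kernel v1"]  # constructed images
    disk_key = b"constructed disk encryption key!"  # 32 bytes

    good_pcr = measure_boot_chain(chain)
    blob = seal(disk_key, good_pcr, this_tpm)

    same_boot = unseal(blob, good_pcr, this_tpm)
    tampered_pcr = measure_boot_chain([b"firmware v1", b"bootloader v1 + implant", b"kernel v1"])
    tampered = unseal(blob, tampered_pcr, this_tpm)
    moved_disk = unseal(blob, good_pcr, other_tpm)
    return same_boot == disk_key, tampered is None, moved_disk is None


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The third case in `demo()` is the "encrypted drive only works on the computer you encrypted it on" behaviour, and the second is the data-loss caveat: a legitimate firmware or bootloader update changes the PCR just as an implant would, so the sealed key must be re-sealed (or a recovery key kept elsewhere) before such updates.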



On secure boot

"Can't detect TPM device"

Means the BIOS knows a TPM module can be plugged in, is looking for one (because it was told to, or because it always does), and doesn't find one.

So tell it not to look for one (if you can), plug one in, or ignore this message. The setting is often under a BIOS menu header named something like 'Trusted Computing'.

Some BIOSes will always look for it (verify), in which case you can just ignore the message.

More acronyms

What does TPM not protect?

TPM versus TPM2

Use and criticism, strengths and weaknesses


See also

Nonce

Challenge/response

ZKP

JSON Web Signature, Encryption, Tokens
