Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp375508pxf; Thu, 11 Mar 2021 06:09:14 -0800 (PST) X-Google-Smtp-Source: ABdhPJzM/6T2pjkXhfPQhq70u6pY5MjSszDc81zR4YzbsIE1o2Zl691aGRj9G6QnNhaqj162L+hO X-Received: by 2002:a05:6402:30a5:: with SMTP id df5mr8848768edb.24.1615471753768; Thu, 11 Mar 2021 06:09:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1615471753; cv=none; d=google.com; s=arc-20160816; b=0eIoS9+DonGRq09NzqgZiWJnooxA4CS9suNLtGRTzhLJFz54ZphFSSaRxb+ZF0wzI9 1/vPl6aHvx6G3pPzu5Of0cyoXh+XdKTlpOOmA3bc/7/7ho3tcopXBnf6SKyh/LCqu1Hb Fmwlvtj/DxmctwYpF5bDocwpV14oMqcyCIVvarwafVD2jo1YJ1zxSfoYPNK5646bqRpP loZ/3f1hNOZXl3VJqvw17I01IlneaC41vOx1uNwqAyRaqiyb+CNPP/HfAt+LNzWMsoy1 vg4GbIgWtgHpzpspTuQJOuV7yl3SZMwGckqCWpX9RbTmYdrIfL5pOmrA3AK6ifT9TWHZ Hqqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=CHnGCeoowP5PFesTvIESZpd7+nGkmxFN1dwqmxmprX0=; b=C5G3KOVNXq0tsXrwzOqkYUwLibxrcyPr4GIXzgAH/Lhv49QMlVipc35OJEEP6TBdyy EXDZ1UEvFcW4XJINv1vypDVLZhVXVM+0ty4l6Z5GAw/aopGT44JS1zUNnpu4hW99qHZm 0UuPI7wTwXj5068ijQtuHVfjXQQEJTrL+B9LAN1gQND0k79guS6bSFWlTOA5LbTBFKon WQviAzr6yL4/aR7j2AWkefWhSSYwK9Xg+PW5khpciNkTrv6Qp0W50zZF+Ayrrk7qTh8k d60V2ouM5sSacJp4KBq5+1R9F6OqHA13hdr7rmUff7thM08jvIrDHpLjnYvPSh6LJ4IQ 9ARQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="P9jt8a/P"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v2si1870008ejg.251.2021.03.11.06.08.49; Thu, 11 Mar 2021 06:09:13 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="P9jt8a/P"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233708AbhCKOHu (ORCPT + 99 others); Thu, 11 Mar 2021 09:07:50 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54672 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233586AbhCKOHS (ORCPT ); Thu, 11 Mar 2021 09:07:18 -0500 Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2D4F2C061762 for ; Thu, 11 Mar 2021 06:07:18 -0800 (PST) Received: by mail-lj1-x230.google.com with SMTP id z25so2295800lja.3 for ; Thu, 11 Mar 2021 06:07:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CHnGCeoowP5PFesTvIESZpd7+nGkmxFN1dwqmxmprX0=; b=P9jt8a/PZFgZ7/tm4OY+mMakXBfjAqCxLNc6hLIgsguSdWN+nw9CovlkNe3KK5Tmm0 9cTobVG9wP6LXfdR3gKpkt9q/YmzFNYCeVMlrGeA+PZJLepUZmSrIEhG0Ghd3ZFyg3JB kfBsIL3bPaLsqZH+HPi3KYwe8BcF90sxYez8S7jZ9bWMiog+XmtKQgDKHZOUgoUQC3fw xtedydsZXIpmMrz8LXXH8XzApOPD0h+75d5pIFB8aAk5K2qhq35R1Jv9i2HEecEtnoBA WylYvJkZIKq+BX2l6xYPvS0nFLZQyIQH+OSzO1wCq3pVD8Q93813Cspex8me5vTILhVT hPYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CHnGCeoowP5PFesTvIESZpd7+nGkmxFN1dwqmxmprX0=; b=osfN8ZpLlpdyb64k01U37UCeKHbB+dQdouDrRBY6JopvApEJ1xGQ02ztTvvMVMEFlo 3FK9GlYjpDV0k6VvdJkNNOAmxNa35InVFFy2qlNAhOAkwG8DCU/Zlxxp5eayrUdeSyN4 5WA4Nf3PW1YlbZ//mTdYLUDG5xx3gys+ldicA+6PGoQClFVJxzsRRBxVRiAWlDrYLrkY o8CAa0BLaboaFOP+EhjOUTnAPl5ctTHEegTRp/+Ca6JkYnSlDGIkd+RW65IH1f18rNQb RbIZTKSri5eZ+4cqg+OIp2x5dQH8DBQw+HF8ydvOQCBzEos668xtP2kqY6bfvKEDUf3Y mAfg== X-Gm-Message-State: AOAM53251EWz27O0n6F31vFAK5eshgDjeS1KLW0HR4SpkaUMfeG7JOng 4SNz9XILdApGdQFIHYaESY3A/3hCIJpZpVWMxg5+KA== X-Received: by 2002:a2e:864a:: with SMTP id i10mr4758406ljj.467.1615471636398; Thu, 11 Mar 2021 06:07:16 -0800 (PST) MIME-Version: 1.0 References: <20210303135500.24673-1-alex.bennee@linaro.org> <20210303135500.24673-2-alex.bennee@linaro.org> <20210305075131.GA15940@goby> <6c542548-cc16-af68-c755-df52bd13b209@marcan.st> <0a26713a-8988-1713-4358-bc62364b9e25@marcan.st> <32bdceb1-e70d-7481-96e3-a064a7108eb9@marcan.st> In-Reply-To: <32bdceb1-e70d-7481-96e3-a064a7108eb9@marcan.st> From: Linus Walleij Date: Thu, 11 Mar 2021 15:06:57 +0100 Message-ID: Subject: Re: [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem To: Hector Martin Cc: David Howells , "open list:ASYMMETRIC KEYS" , Jarkko Sakkinen , Sumit Garg , Arnd Bergmann , Joakim Bech , =?UTF-8?B?QWxleCBCZW5uw6ll?= , "linux-kernel@vger.kernel.org" , Maxim Uvarov , Ilias Apalodimas , Ruchika Gupta , "Winkler, Tomas" , yang.huang@intel.com, bing.zhu@intel.com, Matti.Moell@opensynergy.com, hmo@opensynergy.com, linux-mmc , linux-scsi , linux-nvme@vger.kernel.org, Ulf Hansson , Arnd Bergmann Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 11, 2021 at 10:22 AM Hector Martin wrote: > On 11/03/2021 09.36, Linus Walleij wrote: > > The typical use-case mentioned in one reference is to restrict > > the number of password/pin attempts and combine that with > > secure time to make sure that longer and longer intervals are > > required between password attempts. > > > > This seems pretty neat to me. > > Yes, but to implement that you don't need any secure storage *at all*. > If all the RPMB did was authenticate an incrementing counter, you could > just store the tuple inside a blob > of secure (encrypted and MACed) storage on any random Flash device, > along with the counter value, and thus prevent rollbacks that way (some > finer design points are needed to deal with power loss protection and > ordering, but the theory holds). Yes. And this is what mobile phone vendors typically did. But the nature of different electrical attacks made them worried about different schemes involving cutting power and disturbing signals with different probes, so they wanted this counter implemented in hardware and that is why RPMB exists at all (IIUC). It is fine to be of the opinion that this entire piece of hardware is pointless because the same can be achieved using well written software. The position that the kernel community shall just ignore this hardware is a possible outcome of this discussion, but we need to have the discussion anyway, because now a RPMB framework is being promoted. The people who want it will need to sell it to us. > > With RPMB this can be properly protected against because > > the next attempt can not be made until after the RPMB > > monotonic counter has been increased. > > But this is only enforced by software. If you do not have secure boot, > you can just patch software to allow infinite tries without touching the > RPMB. The RPMB doesn't check PINs for you, it doesn't even gate read > access to data in any way. All it does is promise you cannot make the > counter count down, or make the data stored within go back in time. This is true, I guess the argument is something along the line that if one link in the chain is weaker, why harden any other link, the chain will break anyway? (The rest of your message seems to underscore this position.) I am more of the position let's harden this link if we can and then deal with the others when they come up, i.e. my concern is this piece of the puzzle, even if it is not the centerpiece (maybe the centerpiece is secure boot what do I know). Yours, Linus Walleij