On Fri, 22 Jun 2001, Patrick Valsecchi wrote:

> I can sign the kernel, the executables and the libraries. The loader (lilo) can 
> be in the secured memory of the processor. So before it loads the kernel, it 
> checks the signature with the smartcard. Then I'm quite sure it's my own kernel 
> that runs on this machine. From that, the kernel can check the executable by 
> computing its CRC and comparing it with the signed CRC (stored in the ELF 
> header). The signed CRC is checked by the smartcard itself.

Ok, so you have a bunch of executables and a table of pre-computed CRCs. 
Where do you store those CRCs? You'll need to store all of them in your
secured memory, but that memory had better be accessible by software, because
if you have to update (i.e. fix bugs) the bins, or the kernel, you don't want
to have to replace the hardware. 

You're striving for security here, but if you lock all those CRCs in ROM
and someone finds a hole -- you're pinned. You won't be able to offer a
security patch to your users because you can't replace your own binaries.

And, this won't help anyhow... because it would be easy for an attacker to
load an arbitrary bin with a proper CRC. Just create a bin with a few K of
static space in it, all zeros, calculate the CRC, and then modify the
static space to give the proper CRC. This really isn't all THAT hard to
do, really... trial and error, mostly. 

You'll need to use something cryptographically secure... like MD5. And now
your speed penalty just jumped up a few orders of magnitude. 

> My main concern is to make sure it's my kernel that runs on this machine. From 
> that point I think everything's gonna be alright. I think the solution resides in 
> the processor security features. But I haven't looked at it for the moment. From 
> what I heard I can have secured ROM memory bundled inside the processor, which 
> could solve my loader problem.

Using the same technique described above, it wouldn't be hard to load a
custom kernel either. And if you're going to have module support, you'll
need to worry about plugging that hole too. 

-- 
Michael Graffam ([EMAIL PROTECTED])


***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
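The attack Michael sketches above for executables, and again for a custom kernel, can be carried out without any trial and error: CRC-32 is linear over GF(2), so for any file and any wanted checksum, four bytes at any chosen offset can be solved for directly. The program below is an added example for this thread, not code from the original posts or from Patrick's project. It uses only the Python standard library; the "binary" in demo() is a constructed byte string standing in for an ELF image with a zeroed scratch region, and forge_crc32 and the other names are chosen here. Nothing about signing the stored CRC helps, because any file with that CRC passes the same check.

```python
"""Forge a CRC-32: make a modified file carry the checksum of the original.

Added example for this thread, not code from the original posts.  CRC-32 is
linear over GF(2), so for any file and any wanted checksum a 4-byte patch can
be computed directly; no trial and error is needed.  Only the standard library
is used.  The "binary" in demo() is a constructed byte string standing in for
an ELF image with a zeroed scratch region; forge_crc32 and the other names are
chosen here.
"""
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial (zlib, Ethernet, PNG, ...)
MASK = 0xFFFFFFFF


def _make_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = _make_table()
# The high byte of each table entry is distinct (i -> TABLE[i] >> 24 is a
# bijection on bytes), which is what makes one update step invertible.
REV = {t >> 24: i for i, t in enumerate(TABLE)}
assert len(REV) == 256


def crc32(data):
    """Plain CRC-32 as zlib computes it, used to check results."""
    return zlib.crc32(data) & MASK


def _register(data):
    """Internal CRC register after processing data (before the final XOR)."""
    return crc32(data) ^ MASK


def _step(reg, byte):
    """One forward register update of the byte-wise reflected algorithm."""
    return TABLE[(reg ^ byte) & 0xFF] ^ (reg >> 8)


def _unstep(reg, byte):
    """Invert _step when the byte that was fed in is known."""
    i = REV[reg >> 24]                  # (old reg >> 8) had a zero high byte
    return ((reg ^ TABLE[i]) << 8) | ((i ^ byte) & 0xFF)


def forge_crc32(data, offset, target):
    """Return a copy of data with 4 bytes at offset rewritten so crc32 == target."""
    data = bytearray(data)
    if offset < 0 or offset + 4 > len(data):
        raise ValueError("need four patchable bytes inside the buffer")
    prefix = bytes(data[:offset])
    suffix = bytes(data[offset + 4:])

    # Register value required right after the patch so that feeding the
    # unchanged suffix ends at the target: walk the target backwards.
    want = target ^ MASK
    for b in reversed(suffix):
        want = _unstep(want, b)

    # Walk backwards through the four unknown bytes.  Only the high byte of
    # the register is needed to pick each table index, so the still-unknown
    # low bytes do not matter here.
    reg, indices = want, []
    for _ in range(4):
        i = REV[reg >> 24]
        indices.append(i)
        reg = ((reg ^ TABLE[i]) << 8) & MASK
    indices.reverse()

    # Walk forwards from the prefix state; each patch byte is the one that
    # selects the table index found above.
    reg = _register(prefix)
    for k, i in enumerate(indices):
        data[offset + k] = (reg ^ i) & 0xFF
        reg = _step(reg, data[offset + k])
    assert reg == want
    return bytes(data)


def demo():
    """Trojan a stand-in binary and restore its 'signed' CRC; returns (forged, expected)."""
    # Constructed stand-in for an executable: header, text, 8 zeroed scratch
    # bytes, more text.  The defender stores (or signs) crc32(original).
    original = b"\x7fELF" + b"original program text" + bytes(8) + b"more program text"
    expected = crc32(original)
    # Attacker swaps the text, then patches 4 scratch bytes so the CRC matches.
    evil = b"\x7fELF" + b"malicious program!!!!" + bytes(8) + b"more program text"
    assert crc32(evil) != expected
    scratch_offset = 4 + len(b"malicious program!!!!")
    forged = forge_crc32(evil, scratch_offset, expected)
    assert crc32(forged) == expected
    return forged, expected


if __name__ == "__main__":
    forged, expected = demo()
    print("target crc32  : %08x" % expected)
    print("forged crc32  : %08x" % crc32(forged))
    print("patched bytes : %s" % forged[25:29].hex())
```

The patch does not have to sit at the end of the file: because every byte of the suffix is known, `_unstep` runs the register backwards over it exactly, and only the four unknown bytes need the high-byte trick. A cryptographic hash (or better, a MAC or signature over one) has no such linear structure, which is the whole reason the thread is steering away from CRCs.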
