Opened 7 years ago

Closed 5 years ago

#1496 closed task (fixed)

Switch to real public keys

Reported by: jg
Owned by: wmb@…
Priority: high
Milestone: Future Release
Component: ofw - open firmware
Version:
Keywords: security
Cc: krstic, dilinger, holger, elvis.wu@…, Bryan.Ma@…, davidlin@…, ian.huang@…, gregorio
Blocked By: #1495
Blocking:
Deployments affected:
Action Needed: never set
Verified: no

Description (last modified by jg)

It may take a bit before Ivan completes #1495; a temporary key could be used in the meanwhile, and the real key substituted in a later update, though messing with manufacturing data is never our idea of fun.

There are at least 4 keys that go into SPI flash.

Change History (18)

comment:1 Changed 7 years ago by holger

  • Cc holger added
  • Verified unset

comment:2 Changed 7 years ago by wmb@…

  • Component changed from ofw - open firmware to manufacturing process
  • Owner changed from wmb@… to vance.ke

OFW already reports all the manufacturing data in the device tree, and there is another ticket for exposing the device tree to user space.

The remaining task for this ticket is thus to put the public key in the manufacturing data. That is a manufacturing process step, not something that is done directly in OFW code, so I'm reassigning this bug to manufacturing.

comment:3 Changed 7 years ago by cjb

If this bug tracks everything up to userspace, it must also include getting the ofwfs device tree patch included in our kernel.

comment:4 Changed 7 years ago by vance.ke

  • Cc elvis.wu@… Bryan.Ma@… davidlin@… ian.huang@… added
  • Owner changed from vance.ke to Luna

Hi, we don't know which detailed procedures need to be done.
Could you please give us the details? Thanks. E.g.:

  1. Where is the proper OLPC public key location in the 2k manufacturing data area of the BIOS?
  2. What utility should be used to generate the OLPC public key?
  3. What is the format and length of the OLPC public key in the 2k location? (e.g. xxx.asc, xxx.gpg, ...)
  4. etc.

Dear Luna,
Please assist the factory and work with Elvis on the issue. Thanks.

Ref: http://wiki.laptop.org/go/Manufacturing_Data

comment:5 Changed 7 years ago by jg

  1. Mitch can assign the manufacturing data code for it.
  2. Ivan can tell you the format we will use, though I'm sure it will be representable as ascii.
  3. Ivan is responsible for generating the real public key. If this cannot be done in a timely fashion, we can supply a temporary one until the escrow and physical security issues are handled at OLPC.

comment:6 Changed 7 years ago by kimquirk

The device tree patch is in 406.6. Ivan will be generating a temporary key. This should go in immediately after OFW version is known for B4.

comment:7 Changed 7 years ago by krstic

Temporary (testing) public key payload is here:

http://dev.laptop.org/~krstic/testkey_0612.public

comment:8 Changed 7 years ago by wmb@…

  • Component changed from manufacturing process to ofw - open firmware
  • Owner changed from Luna to wmb@…
  • Status changed from new to assigned

I have been discussing this whole public key issue with Ivan. The current thinking is that the public key does not need to differ from country to country. That being the case, it makes more sense to embed the PK in OFW, instead of putting it in the manufacturing data.

The only current "client" of the PK is secure firmware update, which means that nothing outside of OFW needs to see the PK except perhaps for diagnostic purposes.

Consequently, we should just wait until OFW integrates the secure update feature and incorporate the PK in OFW as part of that effort. The milestone remains Trial-2, but the responsibility is now solely in the OFW domain. No need for manufacturing support at the present time.

comment:9 Changed 7 years ago by jg

  • Milestone changed from Trial-2 to Trial-3

comment:10 Changed 7 years ago by jg

  • Description modified (diff)
  • Priority changed from high to blocker
  • Summary changed from OLPC public key needs to be in the manufacturing data for OFW, and exposed up through Linux to user space to OLPC public keys need to be in the manufacturing data for OFW, and exposed up through Linux to user space

comment:11 Changed 7 years ago by kimquirk

  • Milestone changed from Trial-3 to First Deployment, V1.0

Moving to FRS since we don't have real keys for Trial-3

comment:12 Changed 7 years ago by wmb@…

  • Summary changed from OLPC public keys need to be in the manufacturing data for OFW, and exposed up through Linux to user space to Switch to real public keys

comment:13 Changed 7 years ago by wmb@…

Q2D01 uses a different set of "MP" keys. The "real" HSM-generated keys are not yet available.

comment:14 Changed 6 years ago by gregorio

  • Action Needed set to never set
  • Cc gregorio added

Is this really a blocker for 8.2.0?

If so, can we get a design proposal and lead customer ASAP?

If not, please reset the target release and add it to the 9.1.0 tracking page at: http://wiki.laptop.org/go/9.1.0#Priorities_from_Engineering

comment:15 Changed 6 years ago by wmb@…

  • Blocked By 1495 added

comment:16 Changed 6 years ago by wmb@…

  • Milestone changed from 8.2.0 (was Update.2) to Future Release
  • Priority changed from blocker to high

comment:17 Changed 6 years ago by cscott

I've got some software security work I want to get done in the initramfs; I'll probably switch to a new set of keys after that is done, so that we can manage/limit downgrades. That's currently scheduled for the 9.1 timeframe.

comment:18 Changed 5 years ago by wmb@…

  • Resolution set to fixed
  • Status changed from assigned to closed

The current key generation procedure and the keys it generated are adequate.
