On Thu, 2016-05-19 at 14:12 -0400, Dave Tian wrote:

> > The Chaoskey device explicitly does not address physical
> > attacks. Assuming physical security makes things a lot easier, and one
> > of the simplifications is that we can assume that any physical device
> > connected to the machine which has the right USB IDs will be the correct
> > device.

Unfortunately we have seen a string of CVEs with forged device IDs.

> > I have taken the trouble to register a "real" USB ID for this
> > device, so in theory, we shouldn't ever see an accidental collision.

The problem with that is "accidental".

> 1. Disable the firmware update from the manufacturer

That will not work if the attacker starts with his own gadget.

> 2. Sign the firmware - I have no idea where the signature is saved on
> the device and how the host retrieves the signature from the device

That won't work as the signature could be sniffed and forged.

> 3. USBTPM - a tpm embedded in the USB device which can measure the
> firmware, and the measurement can be retrieved by the host. (There
> seems no real implementation yet)

How do we know the claimed TPM is a genuine TPM?
I think we would need to use a form of public key cryptography in the same
manner used to verify authorship of emails. The host would provide a nonce
value that the device encrypts and returns. The host would verify the
signature.

	Regards
		Oliver
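The nonce challenge-response Oliver sketches at the end of the message, written out as an added example (this is not code from the thread, the Chaoskey firmware or the linux-usb driver). It assumes a device that holds an Ed25519 private key and a host that already knows the public keys of genuine devices, provisioned out of band; both the key type and the trust-store model are assumptions for the illustration. The host sends a fresh random nonce, the device signs it, and the host verifies the signature against a key it trusts. The same block also shows why the static firmware signature of option 2 is weaker: a signature captured from one exchange does not verify against a later nonce, so a sniffed value cannot be replayed, and a gadget that merely claims a valid USB ID but has no trusted key is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Device models the USB peripheral. In a real design the private key would
// live in tamper-resistant storage on the device; keeping it in memory here
// is an assumption made purely for the illustration.
type Device struct {
	priv ed25519.PrivateKey
}

// NewDevice provisions a device with a fresh key pair (hypothetical
// manufacturing step; a real device would be keyed once, not per run).
func NewDevice() (*Device, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv}, nil
}

// PublicKey is what the device presents to the host alongside its USB IDs.
func (d *Device) PublicKey() ed25519.PublicKey {
	return d.priv.Public().(ed25519.PublicKey)
}

// Respond signs the host's challenge. Binding the signature to a nonce the
// host just chose is what makes a sniffed signature useless for replay.
func (d *Device) Respond(nonce []byte) []byte {
	return ed25519.Sign(d.priv, nonce)
}

// Host models the side that has to decide whether to trust the device.
// trusted holds the public keys of genuine devices, keyed by their raw bytes.
type Host struct {
	trusted map[string]bool
}

// NewHost builds a host whose trust store contains the given device keys.
func NewHost(keys ...ed25519.PublicKey) *Host {
	h := &Host{trusted: make(map[string]bool)}
	for _, k := range keys {
		h.trusted[string(k)] = true
	}
	return h
}

// Challenge produces a fresh 32-byte nonce for one authentication attempt.
func (h *Host) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

// Verify checks two things: the claimed key is one the host already trusts
// (answering "how do we know the claimed TPM is genuine?"), and the signature
// really covers this exchange's nonce.
func (h *Host) Verify(claimed ed25519.PublicKey, nonce, sig []byte) error {
	if !h.trusted[string(claimed)] {
		return errors.New("device public key is not in the trust store")
	}
	if !ed25519.Verify(claimed, nonce, sig) {
		return errors.New("signature does not verify over this nonce")
	}
	return nil
}

// Authenticate runs one full host<->device exchange.
func Authenticate(h *Host, d *Device) error {
	nonce, err := h.Challenge()
	if err != nil {
		return err
	}
	return h.Verify(d.PublicKey(), nonce, d.Respond(nonce))
}

func main() {
	genuine, _ := NewDevice()
	rogue, _ := NewDevice() // right USB IDs, but a key the host never enrolled
	host := NewHost(genuine.PublicKey())

	fmt.Println("genuine device:", Authenticate(host, genuine)) // <nil>
	fmt.Println("rogue gadget:  ", Authenticate(host, rogue))   // not in trust store

	// Replay: a signature sniffed from an earlier exchange fails on a new nonce.
	old, _ := host.Challenge()
	sniffed := genuine.Respond(old)
	fresh, _ := host.Challenge()
	fmt.Println("replayed sig:  ", host.Verify(genuine.PublicKey(), fresh, sniffed))
}
```

The trust store is the part a USB-level scheme cannot supply on its own: the device's key has to reach the host by some path an attacker who can forge USB IDs cannot also forge, which is the same enrolment problem a TPM endorsement key has.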