Hi Keith,

On Thu, May 19, 2016 at 9:23 PM, Keith Packard <keithp@xxxxxxxxxx> wrote:
> Dave Tian <dave.jing.tian@xxxxxxxxx> writes:
>
>> I am personally in favor of a TPM-like solution, since we probably
>> couldn't/shouldn't disable the firmware update anyway,
>> and we really need a hardware root of trust (with a key embedded) in
>> the device, like the TPM in the host.
>
> I don't think we need a true TPM in the hardware; the device is
> read-only in normal operation with firmware upgrades requiring physical
> presence. So, supply the private key with the firmware and then erase it
> from the host once programmed. Once the programming jumper is removed,
> only physical access would be sufficient to extract the private key.
>
> Here's more information about the hardware:
>
> http://altusmetrum.org/ChaosKey/
>
> --

This is the first I have seen this gadget. The obvious use is with
encryption. The obvious problem is someone substituting a false USB key
for a genuine one. The classic "drop flash drives in a conference lobby",
and someone will use it and infect Windows. A more capitalistic attack
for any system is someone offering a false USB "key" for 10% less than
anyone else. Any computer that allows any USB device to be plugged in is
at risk. That's why there is physical protection for servers.

A clever attacker would provide a false USB key which is "almost" random.
This would allow them to decrypt messages based on the false key, with
nobody else knowing there was a vulnerability. An almost random number
simplifies cracking.

It is easy to exactly duplicate all the descriptors and functionality in
a false device. It could be easily done with a PIC, Arduino, or $9 CHIP.
Who could tell a key is false or genuine? The false device could do the
same dance with public keys (or whatever secret handshake you set up).

If a user cannot be sure a key is genuine, and a false key can leak
information, I don't see the point of anyone using such a USB device.
Regards,
Steve
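Editor's note: the following is an added example, not code from this thread or from the ChaosKey project. It simulates the "almost random" counterfeit device Steve describes: a stream that passes the simple statistical checks a user might run, yet is fully reproducible by whoever built the device. The backdoor key, the 16-bit seed space and the sample sizes are constructed for the demonstration; a real counterfeit could use any keystream and any (small) amount of true entropy it liked.

```python
"""
Simulation of a backdoored "almost random" USB RNG (added example).

The fake device has only 16 bits of real entropy (a per-boot seed) and
stretches it with an HMAC keystream under a key known to the attacker.
A victim who draws a session key and an IV from the device, and sends the
IV in the clear, lets the attacker brute-force the seed from the IV and
recover the key. The output still passes monobit and chi-square checks.
"""
import hashlib
import hmac
import math
import secrets

# Hypothetical key baked into the counterfeit firmware (constructed value).
BACKDOOR_KEY = b"counterfeit-chaoskey-firmware-secret"

# Only real entropy in the fake device: a 16-bit seed chosen at power-up.
SEED_BITS = 16


def fake_device_stream(seed: int, nbytes: int) -> bytes:
    """Counterfeit RNG output: HMAC-SHA256(BACKDOOR_KEY, seed || counter)."""
    out = bytearray()
    ctr = 0
    while len(out) < nbytes:
        msg = seed.to_bytes(4, "big") + ctr.to_bytes(8, "big")
        out += hmac.new(BACKDOOR_KEY, msg, hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:nbytes])


def genuine_stream(nbytes: int) -> bytes:
    """Stand-in for a genuine hardware RNG: the OS CSPRNG."""
    return secrets.token_bytes(nbytes)


def monobit_pass(data: bytes, alpha: float = 0.001) -> bool:
    """NIST frequency (monobit) test: p = erfc(|S_n| / sqrt(2n))."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s = 2 * ones - n
    return math.erfc(abs(s) / math.sqrt(2 * n)) >= alpha


def byte_chi_square_pass(data: bytes, critical: float = 330.5) -> bool:
    """Chi-square over byte values (255 dof); 330.5 is roughly the
    p = 0.001 critical value."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    chi2 = sum((c - expected) ** 2 / expected for c in counts)
    return chi2 < critical


def looks_random(data: bytes) -> bool:
    """The kind of quick check a user might run on a new RNG device."""
    return monobit_pass(data) and byte_chi_square_pass(data)


def victim_session(seed: int):
    """Victim draws a 32-byte key (kept secret) and a 16-byte IV (sent in
    the clear) from the counterfeit device."""
    stream = fake_device_stream(seed, 48)
    return stream[:32], stream[32:48]


def attacker_recover_key(iv: bytes):
    """Attacker sees only the IV on the wire, brute-forces the 16-bit seed
    offline, and regenerates the victim's key from the same keystream."""
    for seed in range(1 << SEED_BITS):
        stream = fake_device_stream(seed, 48)
        if stream[32:48] == iv:
            return stream[:32]
    return None


if __name__ == "__main__":
    fake = fake_device_stream(0x2A5F, 4096)
    real = genuine_stream(4096)
    print("counterfeit passes quick checks:", looks_random(fake))
    print("genuine passes quick checks:   ", looks_random(real))
    key, iv = victim_session(0x2A5F)
    recovered = attacker_recover_key(iv)
    print("attacker recovered session key:", recovered == key)
```

The point of the example is the one Steve makes: nothing the user can observe on the output side distinguishes the counterfeit from a genuine device, so the only defences are provenance of the hardware and never trusting a single RNG source on its own (mixing device output into the kernel pool rather than using it directly).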