TF-M Secure Storage
Source: connect.linaro.org.s3.amazonaws.com/hkg18/...
© 2017 Arm Limited
Linaro Connect, Hong Kong, March 2018
TF-M Secure Storage
CE - Open Source Software
Ashutosh Singh
Agenda
• Quick Introduction to TF-M
• Introduction to Services
• Secure Storage Overview
• Secure Storage Design
• Example use-case
• Secure Storage Outlook
Please feel free to interrupt during the presentation!
Trusted Firmware-M overview
Introduction
• Platform Security Architecture (PSA) public launch in late 2017
• TF-M engineering work started early 2017, PSA even earlier
• PSA: a set of specs and an implementation, which is TF-M
TF-M Framework
[Diagram: TF-M architecture. Non-secure Processing Environment (NS binary): Non-secure Partition containing application firmware, OS libraries, OS kernel and the TF-M NS API. Isolation boundary. Secure Processing Environment (S binary): TF-M Core (secure call API and routing, Partition Manager, Secure Debug, Secure IRQ, crash handling, secure drivers, scheduling, secure isolation); Secure Partitions containing secure functions and partition-private code; Trusted Partition containing trusted functions.]
• Secure bootloader
• Secure system init
• Secure Partition Management (SPM)
• Secure function call routing
• Isolation within SPE
• Trusted services, functions
• NSPE API
• Build environment
• Test suite
• ...
TF-M Terminology
Secure Partition Manager (SPM)
• Provides the boot, isolation and IPC services to the SPE
Partition
• The unit of execution
Secure Function
• A set of related APIs invoked through secure IPC
Trusted function
• A Secure Function that provides a Root of Trust service
Introduction to TF-M Services
Secure Partition / Function / Service
• Secure endpoint of the system
• User authentication and access-policy-based service
• Sandboxed to allow mutual distrust and limit threat vectors
• Invoked from SPE as well as NSPE entities
• Independent interaction with multiple entities
• Multiple Functions (SF) in the same Partition (SP)
[Diagram: NSPE with a non-secure partition (application firmware, OS libraries, OS kernel); isolation boundary; SPE with the Secure Partition Manager (secure IPC, secure isolation, secure debug), a Crypto secure partition and an SST secure partition each exposing secure functions, and a trusted partition with trusted functions.]
TF-M Secure Storage
Secure Storage Introduction
Connected devices have secrets!
• RoT keys, communications keys, hashes, certificates
• Vendor secrets (provisioning keys, feature certificates)
• Critical for device security and operability
• Need for:
  • Restricted access to plaintext secrets
  • Tamper resistance / detection
  • Reliability
Secure Storage Introduction
• Confidentiality
  • AEAD encryption
  • Policy-based access control
  • Redefine access granularity (Read / Write / Reference)
• Integrity
  • AEAD authentication
• Availability
  • Atomic update operations
  • Power-failure-safe design
• Scalability
SST System View
[Diagram: the NSPE non-secure partition (application firmware, OS libraries, OS kernel) calls the SST C API across the isolation boundary. In the SPE: the Secure Partition Manager (secure IPC, secure isolation, secure debug), the Crypto secure partition (Crypto SFs), the trusted partition (trusted functions), and the SST partition holding assets (Key, Cert, Hash) on top of a File System (or proxy), with cryptographic binding, Access Policy Management, a policy database and an HUK-derived key.]
First Release
• Policy-based access
  • Compiled-in policy table
• Single key operation
  • AES-GCM for AEAD
• Atomic access, power-failure safe
• Custom file system
TF-M Secure Storage: Access Policy Management
Access Policy Management
• Gatekeeper for all accesses
• Placeholder for future additions
  • Lifecycle management
  • Secure asset management
• Compile-time policy definition
• Use-case 1: direct access from an (SPE or NSPE) client
  • Read / Write / Delete request
  • Access permission lookup in the policy database
Access Policy Management
• Use-case 2: referenced access
  • Only read in indirect access
  • Client asks Crypto to perform a cryptographic operation with the key reference (UUID)
  • Crypto makes a read request on the NSPE caller's behalf
  • 'Reference' permission lookup for the original NSPE client
  • Only an SPE caller is allowed to make a referenced read on another's behalf
[Diagram: APP1 and APP2 in the non-secure partition; APP2 calls the Crypto secure partition, which reads Key1 from the SST partition on APP2's behalf through the SST C API; SST looks up APP2's Reference permission in the policy database.]
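The two access paths above (direct access, and referenced access through an SPE service such as Crypto), worked through as an added example in C. This is not TF-M's own code: the client IDs, the asset UUIDs, the rule that IDs below 0x1000 belong to SPE partitions, and treating delete as a write right are all assumptions made for illustration.

```c
/* Added example, not TF-M code: a compiled-in SST policy table and the two access paths from
 * the slides (direct access, and referenced access through an SPE service such as Crypto).
 * Client IDs, asset UUIDs and the SPE/NSPE ID split are assumptions for illustration. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Permission bits at the Read / Write / Reference granularity. Delete is treated as a
 * write right here (an assumption; the slides list delete as a direct-access request). */
#define SST_PERM_READ      (1u << 0)
#define SST_PERM_WRITE     (1u << 1)
#define SST_PERM_REFERENCE (1u << 2)

/* Assumed client identifiers: the real SPM derives these from the partition ID. */
#define CLIENT_CRYPTO_SP 0x0002u   /* SPE partition */
#define CLIENT_APP1      0x1001u   /* NSPE client */
#define CLIENT_APP2      0x1002u   /* NSPE client */
#define NSPE_ID_BASE     0x1000u   /* assumption: IDs at or above this are NSPE callers */

/* Assumed 16-bit asset UUIDs, as in the asset_uuid parameter of the SST API. */
#define ASSET_KEY1 0x0001u
#define ASSET_CERT 0x0002u

struct sst_policy_entry { uint16_t asset_uuid; uint32_t client_id; uint8_t perms; };

/* Compiled-in policy table (constructed for this example). Key1 is never directly
 * readable from the NSPE: APP2 may only use it by reference through Crypto. */
static const struct sst_policy_entry policy_db[] = {
    { ASSET_KEY1, CLIENT_APP2, SST_PERM_REFERENCE },
    { ASSET_CERT, CLIENT_APP1, SST_PERM_READ | SST_PERM_WRITE },
    { ASSET_CERT, CLIENT_APP2, SST_PERM_READ },
};

/* Default deny: a client with no entry for an asset gets no permission at all. */
static uint8_t policy_lookup(uint16_t asset_uuid, uint32_t client_id)
{
    for (size_t i = 0; i < sizeof policy_db / sizeof policy_db[0]; i++)
        if (policy_db[i].asset_uuid == asset_uuid && policy_db[i].client_id == client_id)
            return policy_db[i].perms;
    return 0;
}

static bool client_is_spe(uint32_t client_id) { return client_id < NSPE_ID_BASE; }

/* Use-case 1: direct access by the client itself. Only READ and WRITE can be requested
 * directly; REFERENCE is not a direct right, so a request carrying it is refused. */
bool sst_check_direct_access(uint16_t asset_uuid, uint32_t client_id, uint8_t requested)
{
    if (requested == 0 || (requested & ~(SST_PERM_READ | SST_PERM_WRITE)))
        return false;
    return (policy_lookup(asset_uuid, client_id) & requested) == requested;
}

/* Use-case 2: referenced read. An SPE service (caller_id) reads an asset on behalf of the
 * original client (on_behalf_of). The caller must be in the SPE and the original client
 * must hold REFERENCE on that asset; the plaintext never reaches the original client. */
bool sst_check_referenced_read(uint16_t asset_uuid, uint32_t caller_id, uint32_t on_behalf_of)
{
    if (!client_is_spe(caller_id))
        return false;   /* an NSPE client cannot proxy for another client */
    return (policy_lookup(asset_uuid, on_behalf_of) & SST_PERM_REFERENCE) != 0;
}

int main(void)
{
    printf("APP2 direct read of Key1:            %s\n",
           sst_check_direct_access(ASSET_KEY1, CLIENT_APP2, SST_PERM_READ) ? "allowed" : "denied");
    printf("Crypto reads Key1 on behalf of APP2: %s\n",
           sst_check_referenced_read(ASSET_KEY1, CLIENT_CRYPTO_SP, CLIENT_APP2) ? "allowed" : "denied");
    printf("Crypto reads Key1 on behalf of APP1: %s\n",
           sst_check_referenced_read(ASSET_KEY1, CLIENT_CRYPTO_SP, CLIENT_APP1) ? "allowed" : "denied");
    printf("APP1 reads Key1 'on behalf of' APP2: %s\n",
           sst_check_referenced_read(ASSET_KEY1, CLIENT_APP1, CLIENT_APP2) ? "allowed" : "denied");
    return 0;
}
```

The point of the separate REFERENCE bit is that APP2 can drive a TLS handshake with Key1 through Crypto without ever being able to read the key bytes, and the SPE-only rule stops one NSPE application from claiming to act on behalf of another.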
TF-M Secure Storage: File System
SST File System: Flash Layout
[Diagram: the flash area reserved for SST, laid out as Meta Block, Scratch Meta Block, Data Block, Data Block, Scratch Data Block, Data Block.]
• A set of blocks earmarked for SST
• First two are for metadata
• Rest are data blocks
• One scratch meta block and one scratch data block
SST File System: Flash Layout (contd.)
[Diagram: metadata block = Meta header, Block metadata (Block 0 meta, Block 1 meta, ...), Object metadata (Object 0 meta, ..., Object xx meta), unused space. Each object metadata entry points at that object's data in a data block. Data Block 0 = Object xx, Object yy, Object zz, Object aa, Object bb, unused space. Data Block 1 = Object cc, Object dd, Object ee, Object ff, Object gg, unused space.]
• Meta header
  • Metadata authentication
  • Atomic updates
• Block metadata
  • Logical block to physical block info
  • Info about free space in each block
• Object metadata
  • Info about an object's whereabouts
  • Object authentication data
TF-M Secure Storage: Flows
Key Derivation
[Diagram: the Hardware Unique Key (HUK) and a label are fed into a KDF, which outputs the SST key.]
• Simple key derivation scheme
• HUK needs to be unique per device
• Implementation stubbed
• _to_evolve_
Authenticated Encryption With Associated Data
• Encryption: AES-GCM takes the key, an IV, the authenticated (associated) data and the plaintext data, and outputs the encrypted object data and an auth tag.
• Authenticated decryption: AES-GCM takes the key, the IV, the auth tag, the authenticated data and the encrypted data, and outputs the plaintext data and an authentication result.
Object Encryption / Decryption
• Object encryption: AES-GCM with the SST key and an IV, the object metadata as associated data and the object data as plaintext; outputs the encrypted object data and a MAC (auth tag).
• Object decryption: AES-GCM with the SST key, the IV and the MAC, the object metadata as associated data and the encrypted object data; outputs the plaintext object data and an authentication result.
Boot: Metadata Block Authentication
• Meta block authentication: AES-GCM authentication with the SST key, using the IV and MAC from the metadata header over the block metadata and the object metadata; outputs an authentication result.
Write Operation (Simplified)
• Write request
• Encrypt content
• Write to scratch data block
• Update scratch metadata block
• Update scratch metadata header (IV, swap count, MAC)
• Erase active metadata
• Erase active data block
• Done
Write Operation (.. Not Simplified)
[Diagram: the new object data is encrypted and written into the scratch data block next to the object data copied from the active data block. The scratch meta block (MAC, swap counter, IV, logical block meta, object meta) is rebuilt from the active meta block with the new object metadata.]
• Increment swap counter
• Generate / store MAC for metadata
• Erase active meta block
• Erase active data block
• Swap active / scratch blocks
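The write flow above, and the boot-time metadata authentication that makes it recoverable, simulated as an added example in C. This is not TF-M's own code: it models two metadata blocks and two data blocks in an in-memory "flash", a swap counter and tag in the metadata header, and a boot routine that picks the newest authenticated metadata block. It assumes a 64-bit keyed-hash placeholder meta_tag() in place of the AES-GCM tag (not a secure MAC), omits the per-object AES-GCM encryption step, takes the SST key as already derived from the HUK, and uses constructed sample objects. sst_scenario() replays the write with a modelled power failure after each step and can also flip a metadata bit to show boot rejecting the block.

```c
/* Added example, not TF-M code: SST's power-failure-safe write simulated over two metadata and
 * two data blocks. Layout, sizes and names are assumptions. meta_tag() stands in for the
 * AES-GCM auth tag and is NOT a secure MAC; per-object AES-GCM encryption is omitted. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
enum { BLOCK_SIZE = 256, MAX_OBJS = 8, ERASED = 0xFF };   /* erased flash reads as all ones */
struct obj_meta { uint16_t uuid, offset, len; };
struct meta_block {
    uint32_t swap_count;                  /* 0xFFFFFFFF = erased; +1 per committed write */
    uint64_t iv;                          /* fresh per metadata version */
    uint8_t  data_phys, n_objs;           /* block metadata: which physical data block is active */
    struct obj_meta objs[MAX_OBJS];       /* object metadata: where each object lives */
    uint64_t tag;                         /* auth tag over all fields above */
};
/* meta[2]: active + scratch, roles decided at boot; key: the SST key, HUK-derived in real SST. */
struct sst_fs { struct meta_block meta[2]; uint8_t data[2][BLOCK_SIZE]; uint64_t key; };

/* Placeholder keyed tag: 64-bit FNV-1a over key || metadata bytes. Not cryptographically secure. */
static uint64_t meta_tag(uint64_t key, const struct meta_block *m) {
    uint64_t h = 0xcbf29ce484222325ull ^ key;
    for (size_t i = 0; i < offsetof(struct meta_block, tag); i++)
        h = (h ^ ((const uint8_t *)m)[i]) * 0x100000001b3ull;
    return h;
}
/* Boot: authenticate both metadata blocks and pick the newest valid one (-1 if none). */
int sst_boot(const struct sst_fs *fs) {
    int active = -1;
    for (int i = 0; i < 2; i++) {
        const struct meta_block *m = &fs->meta[i];
        if (m->swap_count != 0xFFFFFFFFu && m->tag == meta_tag(fs->key, m) &&
            (active < 0 || m->swap_count > fs->meta[active].swap_count)) active = i;
    }
    return active;
}
void sst_format(struct sst_fs *fs, uint64_t key) {
    memset(fs, ERASED, sizeof *fs);
    memset(&fs->meta[0], 0, sizeof fs->meta[0]);  /* one empty but authenticated metadata block */
    fs->key = key; fs->meta[0].iv = 1;
    fs->meta[0].tag = meta_tag(key, &fs->meta[0]);
}

/* Write or replace object uuid. crash_after 1..3 models a power failure after that step (-100). */
int sst_write_object(struct sst_fs *fs, uint16_t uuid, const uint8_t *buf, uint16_t len, int crash_after) {
    int a = sst_boot(fs); if (a < 0) return -1;
    struct meta_block am = fs->meta[a], nm = { 0 };  /* snapshot of the active metadata */
    uint8_t *sd = fs->data[1 - am.data_phys], *ad = fs->data[am.data_phys];
    uint16_t off = 0;
    /* Step 1: surviving objects plus the new one go into the scratch data block. */
    memset(sd, ERASED, BLOCK_SIZE);
    for (int i = 0; i < am.n_objs; i++) {
        if (am.objs[i].uuid == uuid) continue;       /* old version is superseded */
        memcpy(sd + off, ad + am.objs[i].offset, am.objs[i].len);
        nm.objs[nm.n_objs++] = (struct obj_meta){ am.objs[i].uuid, off, am.objs[i].len };
        off += am.objs[i].len;
    }
    if (nm.n_objs == MAX_OBJS || off + len > BLOCK_SIZE) return -2;
    memcpy(sd + off, buf, len);
    nm.objs[nm.n_objs++] = (struct obj_meta){ uuid, off, len };
    if (crash_after == 1) return -100;
    /* Step 2: scratch metadata (swap counter + 1, fresh IV, tag). Writing it is the commit point. */
    nm.swap_count = am.swap_count + 1;
    nm.iv = am.iv + 1;                               /* stand-in for a fresh IV */
    nm.data_phys = 1 - am.data_phys;
    nm.tag = meta_tag(fs->key, &nm);
    memcpy(&fs->meta[1 - a], &nm, sizeof nm);
    if (crash_after == 2) return -100;
    /* Steps 3-4: erase the old metadata, then the old data block; boot tolerates a stop here. */
    memset(&fs->meta[a], ERASED, sizeof fs->meta[a]);
    if (crash_after == 3) return -100;
    memset(ad, ERASED, BLOCK_SIZE);
    return 0;
}
/* Read object uuid from the active version into out; returns its length or -1. */
int sst_read_object(const struct sst_fs *fs, uint16_t uuid, uint8_t *out, uint16_t max) {
    int a = sst_boot(fs);
    for (int i = 0; a >= 0 && i < fs->meta[a].n_objs; i++) {
        const struct obj_meta *o = &fs->meta[a].objs[i];
        if (o->uuid != uuid || o->len > max) continue;
        memcpy(out, fs->data[fs->meta[a].data_phys] + o->offset, o->len);
        return o->len;
    }
    return -1;
}

/* Commit v1, then lose power after step crash_after while writing v2; with tamper set, flip one
 * bit in the newest metadata afterwards. Returns 1 if v1 survived, 2 if v2 was committed,
 * -1 if boot rejects all metadata or the object is absent, 0 if the data is corrupted. */
int sst_scenario(int crash_after, int tamper) {
    struct sst_fs fs;
    uint8_t v1[4] = { 1, 1, 1, 1 }, v2[6] = { 2, 2, 2, 2, 2, 2 }, out[8];
    sst_format(&fs, 0x0123456789abcdefull);
    if (sst_write_object(&fs, 1, v1, sizeof v1, 0) != 0) return -1;
    sst_write_object(&fs, 1, v2, sizeof v2, crash_after);
    int a = sst_boot(&fs);
    if (tamper && a >= 0) fs.meta[a].data_phys ^= 1;   /* that block now fails authentication */
    int n = sst_read_object(&fs, 1, out, sizeof out);
    return n < 0 ? -1 : (n == 4 && !memcmp(out, v1, 4)) ? 1 : (n == 6 && !memcmp(out, v2, 6)) ? 2 : 0;
}
```

sst_scenario(crash_after, tamper) is the check a practitioner wants from this design: a crash after step 1 leaves the old version readable, a crash at or after step 2 (the commit point, once the scratch header with the higher swap counter is in place) yields the new version, and a flipped bit in the newest metadata makes boot fall back to the other block when one exists, or refuse to mount when it does not.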
APIs
tfm_sst_get_handle(uint16_t asset_uuid, uint32_t *hdl);
tfm_sst_create(uint16_t asset_uuid);
tfm_sst_get_attributes(uint32_t asset_handle, struct tfm_sst_attribs_t *attrib_struct);
tfm_sst_read(uint32_t asset_handle, struct tfm_sst_buf_t *data);
tfm_sst_write(uint32_t asset_handle, struct tfm_sst_buf_t *data);
tfm_sst_delete(uint32_t asset_handle);
Reference Use-case
[Diagram: in the NSPE, application firmware with an IP stack and TLS on the OS kernel calls the Crypto secure partition for TLS operations; Crypto obtains the TLS key / cert from the SST secure partition by reference, so the key never crosses the isolation boundary.]
Secure Storage Outlook
Secure Storage Outlook
• Rollback protection, re-do IV scheme
• Key diversification, password-based access, key hiding
• Security properties (key type, restrictions)
• Lifecycle management
• Evolution of user authentication
• Handling various storage device topologies
• Compile-time flash layout generation
• Tooling
Work ongoing for other services (Crypto, Audit Logging)
How to get involved
TF-A and TF-M master code bases
• https://git.trustedfirmware.org/
TF-M Team @ Connect HKG18
• Abhishek Pandit
• Ashutosh Singh
• Tamas Ban
• Miklos Balint
Get in touch
• Come round the LITE hacking room between 3-4pm Wednesday
• Schedule a meeting via hkg18.pathable.com
More info on developer.arm.com
?
Thank You!
Secure Storage Outlook (Open Discussion)
• Rollback protection
  • Internal-flash-based design (to store the rollback counter securely)?
  • OTP / e-fuse-based design (to store the rollback counter securely)?
  • Can it be tied to firmware update?
  • Could we partition into rollback-protected and non-rollback-protected?
Secure Storage Outlook (Open Discussion)
• Key diversification, password-based access, key hiding
  • Key diversification per client?
  • Token (password) based key derivation?
  • Erasure policy?
Secure Storage Outlook (Open Discussion)
• Lifecycle management
  • Secure-time-based lifecycle management?
  • Usage-count-based lifecycle management?
Secure Storage Outlook (Open Discussion)
• Evolution of user authentication
  • Currently partition ID based
  • Does it need to be more sophisticated? (challenge-response based?)
Secure Storage Outlook (Open Discussion)
• Handling various storage device topologies
  • Dedicated flash device for secure storage?
  • Multi-headed flash device?
  • Using the same flash for non-secure and secure storage?
  • Using the NSPE file system?
Secure Storage Outlook (Open Discussion)
• Compile-time flash layout
  • Deterministic storage requirement
  • Generate the flash layout (i.e. what is stored where) at compile time
  • Reduced code size / complexity at runtime
Secure Storage Outlook (Open Discussion)
• Tooling
  • Tooling to support easy definition of the policy table
  • Provisionable policy database (currently compiled-in)