[Music]

Host: Hello again everyone, hope you had a lovely break. I know I spent my break investigating all sorts of new open things that people are posting about in the chat, so I hope you had fun too.

Okay, so next up we have Irving Chipto Arsona telling us about "Becoming a Tyrant: Implementing Secure Boot in Embedded Devices". Irving is an embedded systems engineer. He enjoys conjuring complex incantations in an arcane language, then casting it into a spell and inserting it into a piece of silicon with a magic wand, bringing life into the previously dead hardware. In short: writing C programs and programming them with a JTAG debugger. Normally an indoors person, he can occasionally be found chasing solar cars down the Stuart Highway in the Australian outback.

So Irving's talk is pre-recorded, which means that Irving will be in the chat during the talk. However, Irving has asked that we save the big questions for the post-talk Q&A so that they'll be in the recording and are available for anyone watching the talk later. So Irving will be in the chat for any clarifications or discussions, but please also put any good questions in the questions tab. Irving, do you have a few words?

Irving: Yes, thank you for attending my first ever LCA talk, and I'd like to thank the people from Linux Users of Victoria that have encouraged me to submit and given me some feedback. That's all, please enjoy my talk.

Hi everyone, thank you for attending my talk about Becoming a Tyrant: Implementing Secure Boot in Embedded Devices. I'm Irving, and I want to talk about secure boot because I've seen some resources on the internet on how you could implement secure boot, but not much on why you might want to have it. Now this talk covers embedded devices, not big servers with UEFI boot. There are some circumstances that are different in embedded, such as you putting your code into a device that will end up with somebody else with physical access.

The slides for this talk are available on my website, so if you see anything interesting that I show you later you can just grab the slides and click the URLs to go through them.

Now before we start there are some legal bits to go through. All opinions in this presentation are my own and not from my employer or any other associates. All references are to publicly available information, and neither I nor my employer takes any legal or commercial responsibility that might arise from anything in this presentation. Basically, I am not a lawyer, so you should consult with yours.

Now for those who are not familiar with what secure boot is: it's basically just a chain-of-trust mechanism where something that's currently executing on a CPU tries to verify the integrity of the next thing it's supposed to execute before actually executing it. So for example, if you have a CPU that just comes out from power up and it's executing its internal boot ROM, it will try to verify the integrity of, say, the U-Boot program that it's supposed to run next before actually jumping into it and executing the U-Boot binary. This mechanism can be done using either hashes like SHA-256 or public keys like RSA or ECC, and this can provide some protection against tampering, including from the physical side and not just from, say, the network.

Now obviously when we talk about anything security, the first thing we'd ask is: what's your threat model? Because this mechanism is basically just a tool, and whoever controls the keys or hashes controls the entire process. Now the scenario that you often encounter is that someone is locking you out from your own hardware, such as if you buy a laptop or a phone that has everything locked and you can't modify all the software in it. But on the other hand, since it's also a tool, it could be you that is locking other people out from the devices that you own. And that's why the question for secure boot is always: who should hold the keys? Because when you don't know your adversary you need to figure them out first, so you know how to use this tool correctly, and it's important to determine who has control and who should not have control.

Now secure boot is mainly useful for preventing access or modification on the lower level of the boot stack, but it's not necessarily the best tool against attacks from the network, because if somebody is attacking a system from the network, by the time they get enough access to tamper with the low-level bits they usually gain root access anyway, and everything is already open to them.

But let's start with hypothetical scenarios. So Alice Computers makes laptops and the software that runs on them, and they want to control the software that the users can run, so they lock their laptops with secure boot. So in this case Alice Computers is locking you out from your stuff. This is again something that you might encounter in real life.

But consider a different scenario where Bob has a steel mill that's full of custom control devices, and Bob does not want malware in his control devices. So Bob, being a technically savvy person, implements secure boot to lock his devices inside his steel mill, and as a result Bob is now the one that's locking everybody else out from his stuff.

Now let's look at the third scenario. Dave owns a hydroelectric dam, similarly full of control devices, and just like Bob he does not want malware in his control devices. But unlike Bob, Dave is not tech savvy, so he asks Carol to help him, probably using a business contract or something else. Now Carol can add secure boot into Dave's devices and hold the key for him, and the end result is Carol is the one that's locking everybody else out of Dave's stuff, so his stuff can run properly as expected.

Now you might notice that these scenarios seem to have something in common, which is that these systems need to be trustworthy. So that's why you might want to use secure boot to tamper-proof them. And when you talk about tamper-proofing and trustworthy systems, the first scenario that might come to your head is obviously anything that involves financial transactions, such as ATMs, where if the software in an ATM is getting tampered with, they can be used for skimming a customer's credit card, or worse, could be subject to an attack like jackpotting, where they can be told to just dispense the contents. Now if you're an ATM manufacturer the last thing you probably want is to see one of your products being dragged on stage by some bloke at Black Hat and being controlled remotely to dispense cash on its own, and secure boot could help with this scenario.

Another similar device here are the EFTPOS terminals that you see in retail shops and supermarkets. They can be reprogrammed to skim and steal card info, or worse, you could play video games on them. And that's what that picture is showing: somebody managed to hack one of those systems and put a little racing game on them. Another possible machine is of course the pokies, or slot machines, that probably should work as expected. And of course your mobile phones that have all your personal and financial data.

Another different category is of course automotive control units or industrial control devices that control heavy and powerful things: cars, cranes, industrial equipment, steam turbines. Tampering with these can actually cause injury, death and legal liabilities in real life.

Now you might think that if you own a device you should be able to modify it, and I agree with you. Like, if I buy a little router like this and I want to be able to put OpenWrt on it to make it run exactly the way I want to. But when it comes to this kind of heavy machinery, your tampering could actually hurt yourself with your modifications. Like, this thing's not going to harm you; the worst it can do is just spew out some magic smoke. But if you're modifying your car, and then you somehow made it so the volume button actually presses the accelerator, then you're not going to have a very pleasant experience when you want to listen to loud music on the highway. But this thing can get worse, because while you can hurt yourself, you can also be hurt by somebody else's modifications. Imagine how you would feel if there are several oncoming cars in the opposite lane over there that run modified ECU code, and you don't know whether one of them is just going to start swerving left and right because the auto-drive controls were tampered with. So in this sense, yes, I think being able to modify your devices is very good, but I'm not so sure when it comes to opening up possibilities of injuries to yourself or somebody else.

And then you might ask, what about fixing bugs in those ECUs? Which is a valid concern, considering that there's things like the Toyota acceleration case. If you remember, a couple of years back there is a lawsuit that allegedly says that Toyota engine control units could cause acceleration on their own. But again, the flip side is, while manufacturers might have buggy code, they still have better test setups than the end user for that code, which for a vehicle might involve an entire engine with fuel and everything running while being instrumented. So while you might be able to fix the code in those engines, there's no way for you to check for any regression. And I don't think, even if they opened up all of their setups, there's very many people that will procure an engine just to test the validity of their modifications. So again, the same problem, where I'm not so sure that allowing these things to be edited is a very good idea.

Now at this point you might wonder, hold on, this sounds like justifications for vendor lock-in, which certainly can be done by using the same tamper-proofing mechanism to lock out competitors such as generic spare parts, third-party consumables, or end users trying to repair the thing that they bought and own themselves. The way I think about it is this is a complex issue, because both sides do have a reasonable argument. On one side, third-party products might be faulty, or they might not be up to spec, or contain something dangerous as a result of those differences, and it's actually much safer if you went with the first-party product that has been tested to work well with everything else that you have. But on the other side, lack of competition is very bad for customers, because once you're locked in to something then you're at the mercy of whoever's locking you in. And so the question is, at what point does tamper-proofing become lock-in? I'd say I don't know. On one side, things like safety-critical ECUs in the car, you probably don't want third-party things for that unless you're actually rebuilding your engine from scratch or something like that. But something like a plastic clip like this for hanging your coat, you could probably 3D print it yourself. And everything else in between, well, I guess the answer is, as always, it depends on the scenario.

That said, while we talk about lock-in, another use case for secure boot is to help lock in secrets inside the device and help protect them. What kind of secrets? Well, you could have, for example, user data in your phones. You might have authentication data for EFTPOS machines and set-top boxes to talk to the mothership. You might try to protect decryption keys inside the digital cinema projectors at your local movie theater. Or maybe you might want to protect the software itself that's running inside your device, that you've spent a lot of time and money on creating that secret sauce, and you don't want any competitor to just stamp out mass clones while not putting in the R&D effort.

And what kind of protection can secure boot provide? Mainly, it is one of the few things that can help against physical attacks, and to prevent reading out secrets from the hardware. So for example, if we compare with a microcontroller like this... come on, focus. So microcontrollers like this tend to have readout protection by default, so if you program the internal flash in this device and you blow the JTAG fuses, then you'll find it very hard to try and extract the data from inside it. On the other hand, an embedded board like this has the CPU, and the memory and flash are one of these two chips. They're separate from the CPU, they are connected by traces on the PCB, and they can be sniffed. That's it.

Secure boot's not very good for network attacks, for the reasons I've explained earlier, and when you're trying to defend against attacks from the network, it's basically an embedded Linux device; it's no different from your servers that are exposed to the internet.

Now you wonder, why would you need secure boot for this, because we have full disk encryption? Well, this kind of full file system or full disk encryption is usually not enough for embedded devices, because you need a secure location to store the decryption keys for these secrets. And unlike desktop computers, where you can have a human coming in and typing in the decryption password, you usually expect your device to start up by itself without a user entering a password every time. And you also need to restrict this key access only to legitimate programs.

So if this problem sounds familiar to you, you might have heard about Trusted Platform Modules, or TPMs, which are basically a dedicated security chip that can keep a lot of secrets, has lots of tamper protection inside the chip, and you can ask it to do crypto operations like signing, encrypting blobs, and so on and so forth. They're cheap, they are standardized so there's multiple vendors for them, and they come with rich software APIs with things like OpenSSL engines and whatnot. That said, they are secure but not very fast, so if you're thinking of hooking up your nginx web server to this as a back-end and thinking, oh, my web server private keys are going to be super secure, well, yes, it's going to be secure, but it's not going to be very fast. Right.

If you want to use a TPM, be aware that you should enable parameter encryption, which will encrypt the communication, or at least some of the communication, between the CPU and the TPM. Otherwise an attacker could just sniff it with a logic analyzer. And if you think attaching a logic analyzer seems like a lot of trouble, well, no, it's not necessarily. For example, I've got here a logic analyzer and this little... okay, come on camera, focus... logic analyzer and this little clip right here. So for example, if I've got this random board there, and you've got the TPM chip somewhere that's in the same package as that chip, for example, you can just use this clip to clip right there, and now you can sniff everything that goes through that chip. There we go. Oops, yeah, they're not super strong, but if you just leave them on the table and not show them to a camera to the rest of the world, they work perfectly well.

And also, a TPM needs to be initialized by something trustworthy. They're not going to start by themselves and then start interrogating what the main CPU is executing. So for example, let's take this scenario: we have encryption with secure key storage, in a TPM or something else, and there's a program, and secure boot is enabled. So now we have a program right there that has been verified, so it's not tampered. It will get the key from the key storage and use it to decrypt the secret, and then it might read the secret and use it to do things. And with secure boot, an attacker can't really tamper with anything here in this sequence, and this is all happening inside the main CPU. But if you don't use secure boot, an attacker could tamper with that program that's asking for the key from the key storage, and then he'll just decrypt the secret and, instead of using it for normal purposes, he'll just upload it all to the cloud and to the rest of the whole world, which is usually not what you want.

Now while you've seen the advantages, you might want to consider some disadvantages of secure boot as well. First of all, it needs a lot more development resources. You need more engineering time, you need multiple hardware kits because you might burn some of them, and you might need to deal with NDAs and export controls. All of these are resources that you could put towards creating features or getting to market earlier. You also have a risk of bricking devices, because whenever you have secure boot operational you need to tell it to make a decision: what happens if you get a verification failure? Should it stop working but keep all the secrets safe, or should it try to continue working, maybe in a degraded state, even if it's possibly compromised? This is probably another thing that is application specific, where if you have an EFTPOS machine you probably want it to die straight away, taking its secrets with it, whereas something that controls some machinery you probably want to get into some sort of safe mode of some sort.

Another problem is that it makes it hard to use GPLv3 software, because one of the requirements is that the end user, as in the user that actually is in possession of that device, must be able to modify the GPLv3 code in the device. Not every piece of code in there, just the GPLv3 ones. But even then it seems completely contradictory to security, because the idea is you want to lock everything, to prevent this kind of modification in the first place. This does make it harder, but it doesn't make it impossible to create products that are
00:21:35,440 --> 00:21:41,039 uh containing gprv3 software while still 596 00:21:38,320 --> 00:21:43,600 complying with its licenses 597 00:21:41,039 --> 00:21:45,600 now while i said it secured with is 598 00:21:43,600 --> 00:21:46,640 helpful against physical attack it's not 599 00:21:45,600 --> 00:21:48,559 foolproof 600 00:21:46,640 --> 00:21:50,640 it does absolutely nothing against logic 601 00:21:48,559 --> 00:21:52,960 analyzers like this 602 00:21:50,640 --> 00:21:55,760 you might still attack the the cpu might 603 00:21:52,960 --> 00:21:58,400 still be attacked by power analysis 604 00:21:55,760 --> 00:22:00,640 the chips in this kind of linux devices 605 00:21:58,400 --> 00:22:02,799 they might be disaltered and that might 606 00:22:00,640 --> 00:22:03,600 open new attack factors 607 00:22:02,799 --> 00:22:05,360 so 608 00:22:03,600 --> 00:22:07,120 if you really are concerned against 609 00:22:05,360 --> 00:22:08,799 physical attacks you might consider 610 00:22:07,120 --> 00:22:12,080 covering everything in 611 00:22:08,799 --> 00:22:13,760 a boxy potting compound or adding timber 612 00:22:12,080 --> 00:22:16,080 detection circuitry 613 00:22:13,760 --> 00:22:16,960 so that if the shell of the device is 614 00:22:16,080 --> 00:22:19,200 open 615 00:22:16,960 --> 00:22:20,960 you just wipe everything all the secrets 616 00:22:19,200 --> 00:22:22,320 are gone 617 00:22:20,960 --> 00:22:24,240 and lastly 618 00:22:22,320 --> 00:22:26,400 things have security bugs and they can 619 00:22:24,240 --> 00:22:28,159 be in software or in the hardware or in 620 00:22:26,400 --> 00:22:29,919 the boot roms or in the 621 00:22:28,159 --> 00:22:30,880 even in the tpm chip 622 00:22:29,919 --> 00:22:33,280 and 623 00:22:30,880 --> 00:22:35,039 these bugs can be impossible to patch 624 00:22:33,280 --> 00:22:36,640 especially if they're in hardware so you 625 00:22:35,039 --> 00:22:38,960 might have put all this effort into 626 00:22:36,640 --> 00:22:41,600 securing 
and locking down your device 627 00:22:38,960 --> 00:22:42,400 and then one cve later 628 00:22:41,600 --> 00:22:44,640 your 629 00:22:42,400 --> 00:22:46,480 your adversary could have 630 00:22:44,640 --> 00:22:48,880 found a way in 631 00:22:46,480 --> 00:22:50,880 now after waking the pros and cons you 632 00:22:48,880 --> 00:22:53,919 might decide that yes you would like to 633 00:22:50,880 --> 00:22:55,600 become a tyrant and to implement the qr 634 00:22:53,919 --> 00:22:56,400 boot on your devices 635 00:22:55,600 --> 00:22:58,080 well 636 00:22:56,400 --> 00:22:59,760 i have some tips for you 637 00:22:58,080 --> 00:23:01,919 first when you're looking at the 638 00:22:59,760 --> 00:23:04,320 hardware stage 639 00:23:01,919 --> 00:23:05,919 secure boot is always fender specific on 640 00:23:04,320 --> 00:23:07,120 the very first stage because the boot 641 00:23:05,919 --> 00:23:08,960 drums are all different on different 642 00:23:07,120 --> 00:23:10,960 chips so start with the fender 643 00:23:08,960 --> 00:23:13,039 instructions and 644 00:23:10,960 --> 00:23:14,720 then modify it after you've gotten 645 00:23:13,039 --> 00:23:17,120 something up and working 646 00:23:14,720 --> 00:23:19,440 i'd recommend you getting multiple 647 00:23:17,120 --> 00:23:23,679 hardware kits because you'll need to 648 00:23:19,440 --> 00:23:25,440 burn the e-fuses on at least one of them 649 00:23:23,679 --> 00:23:26,960 and you might want to test a different 650 00:23:25,440 --> 00:23:28,640 sign build so 651 00:23:26,960 --> 00:23:30,320 you might get 652 00:23:28,640 --> 00:23:32,320 two devices like this 653 00:23:30,320 --> 00:23:34,400 with one that's not modified and one 654 00:23:32,320 --> 00:23:37,360 that has the 655 00:23:34,400 --> 00:23:42,000 e-fuses burn and will verify 656 00:23:37,360 --> 00:23:44,000 code and you might want to test how the 657 00:23:42,000 --> 00:23:44,720 code behavior is different on both of 658 00:23:44,000 --> 00:23:46,720 them 659 
[00:23:44] And you might also brick some of these devices if you're programming them incorrectly, so be prepared to lose some, and hopefully you'd lose none. JTAG exists; please remember that, to make sure the JTAG fuses are also blown. And while you're dealing with hardware, you might as well look at whether there's any hardware support, a mechanism for encrypting secrets. SoMs might have these mechanisms; otherwise you might consider adding a TPM to your product.

[00:24:16] The second stage is where you start dealing with bootloaders. On ARM this is usually U-Boot, and it might involve TF-A or OP-TEE, which are the TrustZone stuff. If you're using U-Boot, I recommend using FIT images. It's very convenient because it verifies the kernel, device tree and initramfs together in one go, and it's not hardware or vendor specific, so you can reuse the effort you have put into one device on another device if they're using different chips. That said, you might want to disable environment import and the console, because they can be used to override the boot scripts, which then can be used to tamper with your boot process.

[00:25:03] Now, once you get to the initramfs and the real root fs, this is where you start dealing with dm-crypt, dm-verity or dm-integrity, which are for encrypting or verifying filesystems. Well, not the filesystems themselves; they're block devices that sit under the filesystems. You might mix and match them depending on what kind of memory is present on your devices. Be aware that dm-verity implies that you have a read-only partition. And once you go through that stage, once init starts, then you're back in familiar territory on how to secure Linux systems.

[00:25:37] Now, when you're at build time, as in the OS build time, there's lots of signing that could be done then, and so if you're doing build-time signing, keep the keys secure on your build machines. You might want to use separate sets of development and production keys to keep the secure boot process always on, even on R&D devices; they'll get a lot more stress testing that way. That also means that you don't have to implement such a thing as disabling secure boot, which can become a weakness. And if your SoM has a real-time co-processor, like a single Cortex-M4 that's used for real-time operations, don't forget that those processors could also access main memory to some extent, so make sure that the binaries that are running on those cores are covered in your security process.

[00:26:41] Now, when you're implementing your firmware update mechanism, you really should use signed images to prevent anyone inserting random code. Like, you've gone through all this effort to secure your boot chain, and surely you don't leave the front door wide open. And with signed images, make sure that the public key is secured by your security process, so you've got an entire chain of verification all the way from the hardware to your firmware updates. If you encrypt those images, you'd also need somewhere secure inside the device to store the keys that will be used to decrypt them.

[00:27:21] When it comes time to mass manufacture your device, be aware that locking the software or some interfaces could limit your flexibility when it comes to designing your manufacturing process. For example, if you need JTAG to test the connections between some chips on your board, be aware that you need to test this before locking the software and the JTAG interface, because you can't do it otherwise. On the other hand, you might find that it's slightly safer to generate private keys inside the device after you lock the device. So with that in mind, I would highly recommend designing your mass manufacturing process early, roughly around the time when the security process is also designed. One thing that makes it easier is if you have a trusted environment in your factory, whether it's trusted staff, a trusted network or just a dedicated section, because that reduces the number of threat vectors that you have to deal with.

[00:28:26] Lastly, if you happen to use SoMs like this, system on modules, you might get some extra flexibility, because this thing allows you to use separate programming hardware versus the real hardware. So you might do your mass programming on these SoMs in one go, then test the real hardware separately, and then just combine the two later in a different step.

[00:28:56] And lastly, with GPLv3 restrictions, there's two approaches that I'm aware of; there could be more. One is to ban GPLv3 in your device and only use LGPL or GPLv2, but of course you're missing out on the latest and greatest features and security fixes on things like bash, the various utils, GDB server and tracing mechanisms. You might get away with using alternatives like BusyBox or C shell, or maybe just by ensuring that nothing really uses them, so that they can't do much harm. Alternatively, you might allow updating the GPLv3 code for people that want it, so you might provide an option for disabling secure boot and turn the device into some sort of dev kit mode that self-erases the secret keys and whatnot.

[00:29:51] Now, if you want to dig deeper, I have a few things that I can recommend to you, which hopefully saves you some digging around in Google and whatnot. I'm just going to gloss over them quickly, because then you can check them out for yourself once you've got the slides. So if you happen to do secure boot on the NXP i.MX 6 or 7 platform, there's this talk that I would highly recommend you to watch, and of course the official application notes are very useful.
[00:30:19] If you're dealing with verified boot with U-Boot, in addition to the official documentation in the Git repositories, these two presentations could help you understand how it works and how to implement it. If you're thinking of including GPLv3 in embedded, I would highly recommend this presentation, because it covers exactly this topic and even covers some automotive use cases. Now, if you're curious about the ATM or FPS attacks that I showed you earlier, you can check out these videos, and possibly even more in the Black Hat and DEF CON past conference talks.

[00:30:58] If you want to find out more about TPMs, there's a TPM tutorial from Google called TPM-JS. No, it's not a TPM implementation in JavaScript. There's also a book, which happens to be free actually, that you can read, and the TPM2 software community has a lot of useful links as well.

[00:31:20] And lastly, if you want some real-world examples of security incidents, there's an excellent talk from Ars Technica about bypassing security in a laptop that has a TPM enabled. There's the book about Stuxnet that is a highly recommended read, and there's also the expert witness reports in the Toyota acceleration case, if you are interested in an analysis of the software that runs in this kind of industrial automotive environment. And if you're interested in some relevant CVEs, there is one that affects the boot ROM in NXP i.MX chips, there's another one that affects the Infineon chips such as their TPMs and security smart cards, and there's also a software one that's affecting security in U-Boot.

[00:32:17] And that is the end of the talk. Thank you very much for watching, and hopefully I have given you enough resources so that you too could become a tyrant. Thank you very much.

[00:32:30] Irving, that was beautifully put together, as is your laurels, which you have earned.

Thank you.
[00:32:39] So we have a few questions. The top question at the moment is: are there any Raspberry Pi class and price devices that support secure boot and TPM?

[00:32:54] Okay, good question. I'd say instead of looking at the devices, look into the chips that are used in those devices. The ones that I knew do support it and are relatively well documented are NXP's i.MX 6, 7 or 8. For TPMs, you can actually buy little TPM modules that just plug into a Raspberry Pi. I mean, it's not soldered in, but if you want to play around, that works perfectly well.

[00:33:26] Great. Next question: where do you get the clips that intercept the chip pins for the logic analyzer?

[00:33:34] Oh, that one comes from, I believe, element14, or RS Components; Digi-Key probably have them as well. They're made by Pomona Electronics: P-O, papa oscar mike oscar november alpha, Pomona.

[00:33:55] Ah, you're much better at remembering that alphabet quickly than I am.

[00:34:07] So the next question is: can these techniques apply to VMs?

[00:34:13] Long story short, I don't know, because I'm not an expert on VMs. In theory, if you have a chain that goes beyond your hypervisor and it keeps verifying things using hashes or keys, then it will be possible. I'm not aware of which implementations exist at the moment for that. That said, if you're thinking about embedded contexts and thinking about putting VMs in your embedded devices, I would have asked why you would want to do that. That sounds like a very interesting use case; please share it.

[00:34:50] For the post chat talk discussion. Post talk chat discussion. Get my words in the right order.

[00:35:01] The next question. We have a good bit of time for quite a few questions, so we're going all right. How do we balance the need for security with the need for openness? Always the question.

[00:35:13] Oh, it's always the question, and I'm afraid my best guess is: it depends. So secure boot, at the end of the day, is basically just a tool that could restrict access, and when and where the tool should be used is a different question, on how you want to use the tool. So I'd regard that as a separate can of worms that has existed all the way since, what, Richard Stallman protested the use of passwords, you see, a login using passwords.

[00:35:50] Yeah, I think that one is a question you have to ask every time you do anything, and if there was a nice solution we wouldn't still be wondering, but it is a good question to be constantly asking.

[00:36:05] Okay, next up: can you summarize the issue with GPLv3 versus GPLv2 in a couple of sentences, please?

[00:36:15] Okay, so I guess the new thing about GPLv3 is it has a clause that basically, correct me if I'm wrong, and again I'm not your lawyer, it basically requires that if you give somebody a device that contains code that's licensed GPLv3, the person who has that device must be able to replace that GPLv3 code with their own modified versions. Only the GPLv3, not necessarily the rest of the device, and that's why usually if you lock GPLv3 code using secure boot then the end user can't replace it. The talk that I linked, the presentation that I linked, just explains it in a much better way than I can, so I highly recommend you check it out, since there's very, very subtle nuances that I didn't even realize until I started reading that as well.

[00:37:13] What's your take on the new Pluton chip addition by MS for Intel, AMD, ARM chip CPUs to do TPM within the CPU? So many TLAs, sorry about that.

[00:37:26] Let's see, just pasting that. Okay, so Intel, AMD, TPM within the CPU. I think, from what little I've read so far, it gives the ability to store secrets and it basically does the TPM stuff, that's the TPM standard, within the CPU. That sounds like something the i.MX chips have been able to do for a long time now, so it's less about what the chips are capable of than how it ends up being used. So it could be used for good, I guess; it could be used for not very good purposes. It could be used to lock you out from the CPU that you have, but it could be used for you to lock everybody else out from the CPU that you have as well, I think.

[00:38:25] Next question: with a separate TPM, when you enable encrypted commands between the TPM and the CPU, how is the logic analyzer prevented from seeing the keys that encrypt the rest of the communications?

[00:38:41] Okay. So basically you're asking how the parameter encryption works. I'd recommend you check the manual, because I wasn't the one implementing that, so sorry, I can't give more details.

[00:39:00] There's always reference documentation for that, yeah.

[00:39:03] But my best guess, if you're willing to listen, is that it's probably similar to a Diffie-Hellman exchange, where you can generate something, split them in half and exchange them, and then you've got the secret that somebody sniffing in the middle won't be able to guess. But that's a guess; please check what the actual thing does.

[00:39:32] Okay, the last question we've got right now, although we've got time for another couple if anyone wants to post one before Irving's done answering this one, is: does using hashes hinder updating? Does using, oh, for boot, for secure boot.

[00:39:51] Yes, it does. I believe there's some complication with using TPM PCR hashes if you want to update the BIOS or something like that, which I'm not an expert in, but yes, it could complicate updating firmware. That's why I think using public keys to verify them, where you can validate the next component using hashes and then you just verify that the hash matches the signatures.

[00:40:27] Okay, well, that's all the questions we have, so thank you, Irving, for such a fascinating and well put together talk. You've done exceedingly well for your first LCA talk. Oh wait, a question's just come in, hang on, hang on. With the increasing interest in the RISC-V CPU architecture, do you think a TPM module that is part of the CPU design would be useful?

[00:40:56] Yes, because I think the capabilities of a TPM will be very useful if it's integrated inside the CPU, because you just don't need to worry about that sniffing of the communication between the two. Whether that gets used for locking you out or you locking somebody else out is another question.

[00:41:18] Yes, that's how it is with most things.
00:41:22,480 --> 00:41:25,680 in life 1129 00:41:23,520 --> 00:41:28,800 yeah of course 1130 00:41:25,680 --> 00:41:30,560 all right okay now we will really will 1131 00:41:28,800 --> 00:41:34,319 wrap it up um 1132 00:41:30,560 --> 00:41:34,319 so yes thank you so much irving 1133 00:41:37,680 --> 00:41:43,240 thank you for everybody listening 1134 00:41:40,079 --> 00:41:43,240 see ya