Security/Trustworthy flashing

From coreboot
Jump to navigation Jump to search

The wiki is being retired!

Documentation is now handled by the same processes we use for code: Add something to the Documentation/ directory in the coreboot repo, and it will be rendered to https://doc.coreboot.org/. Contributions welcome!

Work in progress

This tutorial a work in progress and is not finished yet.

Trustworthy flashing from untrustworthy computers.

Building Coreboot and flashing its resulting image usually assumes that the host doing it is trustworthy. An untrustworthy host could potentially compromise the target by building a modified image, or modifying the image while flashing.

Coreboot now has reproducible builds. We will then take advantage of it to break out of this chicken and egg problem.

At the time of writing, flashrom has patches to deal with the write protection pin of SPI flash chips. The patches also don't cover (yet) other buses such as parallel, LPC, or FWH. Since the patches were not fully merged yet, such functionality will not be used in this tutorial (yet).

Note that this tutorial only deals with the flash chip integrity and doesn't handle:

  • blobs untrustworthiness such as the Intel Management Engine firmware.
  • Freedom issues with other chips such as the Embedded Controller.
  • DMA attacks from peripherals.
  • Any unrelated attack.

Requirements:

  • A computer that is to become trustworthy.
  • Several (untrustworthy) computers, that all can compile crossgcc and Coreboot
  • Several (untrustworthy) computers that can run flashrom, to talk to an external flash programmer
  • A hardware flash programmer (no software running inside it).

It's a good idea to use a diverse source for the computers, and making sure that a single person cannot control all them at the same time (like trough ssh). The computers required to build Coreboot aren't required to be available at the same time. The computers running flashrom however do. The computers building Coreboot and running flashrom can be the sames.

Steps:

1. compilation First decide on a configuration to use (with make menuconfig). Then on all untrustworthy computers, compile crossgcc according to your target architecture (make crossgcc-i386 for instance) then compile coreboot (make). Compare the checksums of the produced images. This step doesn't necessarily need to be done at the same time.

2. flashing and verification. This step can be done with a different set of untrustworthy computers. The Coreboot image must be made available on the "flashing" computers. Pick a random computer and flash the image. Then, several times, pick random computers and flash the image again. Flashrom should say that the image is unchanged. This is to make sure that a given computer cannot predict if it will be the last computer flashing the image.