undefined | Better HN

0 pointsAnthonyMouse9mo ago0 comments

> What if you need to update the bootloader?

Then you boot the system from the existing bootloader, causing the booted system to be trusted to supply a new hash.

> TPMs can do remote attestation without signatures just fine, by measuring the hash of the bootloader.

If there are no private keys in the TPM from the factory then there is nothing for a third party to force you to sign the hash with, as intended.

0 comments

mjg599mo ago

How does the system know whether the new bootloader is legitimate or not?

All TPMs have private keys from the factory. They're entirely unrelated to the secure boot keys.

AnthonyMouseOP9mo ago

> How does the system know whether the new bootloader is legitimate or not?

However it wants to. Maybe the existing bootloader (chosen by the owner rather than the vendor) or the OS it loads has its own signature verification system for update packages, like apt-get. Maybe the OS downloads it from a trusted URL via HTTPS and relies on web PKI. Maybe it uses Kerberos authentication to get it from the organization's own update servers. Maybe it just boots an OS that allows the operator to apply any update they want from a USB stick, but only after authenticating with the OS.

None of that is the firmware's problem, all it has to do is disallow modifications to itself unless the owner has entered the firmware password or the system is booted from the owner-designated trusted bootloader.

> All TPMs have private keys from the factory. They're entirely unrelated to the secure boot keys.

The point isn't which device has the keys, it's that it shouldn't contain any from the factory. Nothing good can come of it.

mjg599mo ago

The situation you're protecting against is one where someone who compromises the OS can make that compromise persistent by replacing the bootloader. That means you can't place any trust in any component after the bootloader, since an attacker could just fake whatever mechanism you're enforcing.

> The point isn't which device has the keys, it's that it shouldn't contain any from the factory. Nothing good can come of it.

TPMs have private keys, and are not involved in enforcing secure boot. The firmware validating the signatures only has public keys.

1 more reply

j / k navigate · click thread line to collapse

0 pointsAnthonyMouse9mo ago0 comments

> What if you need to update the bootloader?

Then you boot the system from the existing bootloader, causing the booted system to be trusted to supply a new hash.

> TPMs can do remote attestation without signatures just fine, by measuring the hash of the bootloader.

If there are no private keys in the TPM from the factory then there is nothing for a third party to force you to sign the hash with, as intended.

0 comments

mjg599mo ago

How does the system know whether the new bootloader is legitimate or not?

All TPMs have private keys from the factory. They're entirely unrelated to the secure boot keys.

AnthonyMouseOP9mo ago

> How does the system know whether the new bootloader is legitimate or not?

> All TPMs have private keys from the factory. They're entirely unrelated to the secure boot keys.

The point isn't which device has the keys, it's that it shouldn't contain any from the factory. Nothing good can come of it.

mjg599mo ago

> The point isn't which device has the keys, it's that it shouldn't contain any from the factory. Nothing good can come of it.

TPMs have private keys, and are not involved in enforcing secure boot. The firmware validating the signatures only has public keys.

1 more reply

j / k navigate · click thread line to collapse