User:Martinlanghoff/RTC Rollback notes
These notes apply to the feature work tracked in http://dev.laptop.org/ticket/9564
This page provides a high-level draft plan for the feature.
Summary
OFW keeps track of an ever-increasing "last known good RTC" value, which the initramfs checks against the actual RTC. As a protection against rollforward errors or attacks (an RTC that has been pushed ahead of real time, dragging the last-known-good value with it), the initramfs requests a signed rtc-reset from the antitheft servers and saves it in /security. On the following boot, OFW reads and applies the signed rtc-reset.
OFW: Last-Known-Good-RTC rollforward
During boot, OFW compares the Last-Known-Good-RTC ("LKGRTC") with the RTC. If the RTC value is higher, it is written as the new LKGRTC; on this path the LKGRTC only ever moves forward.
Mitch has outlined a plan to store the LKGRTC in an OFW value with minimal SPI Flash wear. The expectation is that the value will be exported under /ofw/ for Initramfs to read.
Initramfs: check LKGRTC vs RTC, handle bad cases
The initramfs compares LKGRTC with the RTC. If RTC < LKGRTC, it must follow the same code path as if the lease had expired, which leads it to request a new activation lease from the servers.
The initramfs code in 8.2.2 and F11 builds already requests a "server-signed timestamp" along with the activation lease.
This code needs to be changed slightly to include the LKGRTC in the request as a nonce. The LKGRTC only moves forward and is very hard to manipulate with precision, so it makes an effective nonce: a signed reset is bound to the LKGRTC it was issued for and cannot be replayed once the LKGRTC has changed.
If an RTC reset is received and the signatures validate, it is written to /security/rtc-reset.msg, the RTC is set accordingly, and a reboot is triggered.
Server: signed RTC reset
The xs-activation-server software (included in the XS) already handles requests for a server-signed timestamp. This timestamp gets signed with the OATS key (either the master key or a delegated one).
Minor changes may be needed to accommodate the change in nonce format.
OFW: Apply signed RTC reset
Before checking LKGRTC vs RTC, OFW checks for /security/rtc-reset.msg. If the file exists, its 'nonce' matches the current LKGRTC, and the signatures validate, the new RTC value is read from it and applied to the LKGRTC.
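The whole flow (initramfs check and request, server-signed reset, OFW applying the file on the next boot), as an added example that is not part of this page or of the OLPC/OFW/xs-activation-server code. It is a Python simulation: the RTC, the LKGRTC and the contents of /security are fields of a dict, and the OATS signature is stood in for by an HMAC-SHA256 over the message body with a made-up shared key. The real server signs with an asymmetric OATS key (master or delegated) and the laptop only needs the public half; the function names, the JSON message layout, the key and the sample timestamps are all assumptions of this example.

```python
import hashlib
import hmac
import json

# Stand-in for the OATS signing key. ASSUMPTION for this example only: a
# shared HMAC secret. The real xs-activation-server signs with an asymmetric
# OATS key (master or delegated) and the laptop only needs the public half.
OATS_KEY = b"example-oats-key-not-real"


def ofw_rollforward(lkgrtc, rtc):
    """OFW boot step: if the RTC is ahead of LKGRTC, the RTC value becomes
    the new LKGRTC. LKGRTC never moves backwards on this path."""
    return rtc if rtc > lkgrtc else lkgrtc


def initramfs_check(lkgrtc, rtc):
    """Initramfs step: False means the RTC is below the last known good
    value, which must be handled like an expired lease."""
    return rtc >= lkgrtc


def _sign(body):
    return hmac.new(OATS_KEY, body.encode(), hashlib.sha256).hexdigest()


def server_sign_rtc_reset(nonce, server_now):
    """Server side: return the server's time bound to the client's nonce
    (its LKGRTC). The message layout is an assumption of this example."""
    body = json.dumps({"nonce": nonce, "rtc": server_now}, sort_keys=True)
    return {"body": body, "sig": _sign(body)}


def verify_rtc_reset(msg, expected_nonce):
    """Check done by both initramfs and OFW: the signature must validate and
    the nonce must equal the LKGRTC the laptop holds right now. Returns the
    signed RTC value, or None if the message must be ignored."""
    if not hmac.compare_digest(_sign(msg["body"]), msg["sig"]):
        return None
    body = json.loads(msg["body"])
    if body.get("nonce") != expected_nonce:
        return None  # reset issued for another LKGRTC: stale or replayed
    return body["rtc"]


def make_state(lkgrtc, rtc):
    """Constructed stand-in for the laptop: RTC, LKGRTC, /security contents."""
    return {"lkgrtc": lkgrtc, "rtc": rtc, "security": {}, "reboot": False}


def initramfs_handle_rollback(state, server_now):
    """Initramfs path when RTC < LKGRTC: request a signed reset using LKGRTC
    as the nonce, validate it, save it under /security, set the RTC and ask
    for a reboot. Returns True if a reset was accepted."""
    if initramfs_check(state["lkgrtc"], state["rtc"]):
        return False  # nothing to do; RTC is plausible
    msg = server_sign_rtc_reset(nonce=state["lkgrtc"], server_now=server_now)
    new_rtc = verify_rtc_reset(msg, state["lkgrtc"])
    if new_rtc is None:
        return False  # fall back to the normal "lease expired" handling
    state["security"]["rtc-reset.msg"] = msg
    state["rtc"] = new_rtc
    state["reboot"] = True
    return True


def ofw_apply_rtc_reset(state):
    """OFW step on the next boot, before the rollforward check: apply
    /security/rtc-reset.msg to LKGRTC if it exists, matches and validates."""
    msg = state["security"].get("rtc-reset.msg")
    if msg is None:
        return False
    new_rtc = verify_rtc_reset(msg, state["lkgrtc"])
    if new_rtc is None:
        return False
    state["lkgrtc"] = new_rtc
    return True


def ofw_boot(state):
    """One OFW boot: pending reset first, then the usual rollforward."""
    ofw_apply_rtc_reset(state)
    state["lkgrtc"] = ofw_rollforward(state["lkgrtc"], state["rtc"])
    state["reboot"] = False
    return state["lkgrtc"]


if __name__ == "__main__":
    # Constructed scenario: a rollforward error pushed LKGRTC to 2030, the
    # RTC was then corrected back to late 2009, so RTC < LKGRTC at boot.
    s = make_state(lkgrtc=1900000000, rtc=1260000000)
    print("initramfs accepted reset:", initramfs_handle_rollback(s, 1260000100))
    print("LKGRTC after next OFW boot:", ofw_boot(s))
```

Two properties of the plan show up in the code: the file is only honoured while the nonce inside it equals the LKGRTC the firmware currently holds, so a reset left behind on disk (the page notes OFW may not be able to delete it on XO-1.0) is ignored as soon as the LKGRTC has moved; and a reset whose body has been altered fails the signature check before the nonce is even looked at.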
Optional: the file can be deleted (is our ext2fs driver safe for this?) (wmb: I am gaining confidence in the ext2fs driver, to the extent that I am inclined to trust it - at least for the latest XO-1.5 OFW build. But the file cannot be deleted on XO-1.0, which uses JFFS2 and does not have partitions on the NAND. So it's probably better for OFW not to delete it.)
For increased security, an ntpd daemon could be run directly from the initramfs with respawn. This adds complexity, but makes "clock slowdown" attacks (keeping the RTC running slow so that a lease covers more real time than intended) extremely hard.