Firmware security

From OLPC
Revision as of 22:55, 11 July 2007 by Wmb@firmworks.com (talk | contribs) (Strawman of Firmware Security stuff)

Scope

!!! Strawman Version !!!

This page describes the role of Open Firmware in BitFrost security on XO.

Goals

  1. Run recovery firmware if primary firmware is bad
  2. No access to ok prompt without developer key
  3. Firmware update images must be signed
  4. Boot images must be signed
  5. Unactivated laptops will only boot the activation image
  6. Boot alternate OS image if primary OS image is bad

Files

The files listed below are on NAND FLASH in JFFS2. How it works on USB disk or SD card is TBD. (The zip archives listed below must be created without compression (-n option) and without paths (-j option).)

  • Primary images are in /boot
  • Secondary images are in /boot-alt
  • The activation key is named "/boot/lease.xxx". Format and extension TBD.
  • The developer key is named "/boot/develop.key".
  • The normal OS image is in "/boot/os.zip", containing "os.img" and "os.key" (SHA256->ECC256)
    • os.img is one of the load formats that OFW supports, e.g. Linux bzImage
    • os.key is ASN.1 as defined by the bios_crypto
  • The activation image is in "/boot/activate.zip", containing "os.img" and "os.key"
    • os.img is one of the load formats that OFW supports, e.g. Linux bzImage. Any initramfs must be bundled in os.img.
    • os.key is ASN.1 as defined by the bios_crypto (SHA256->ECC256).
  • The new firmware image is "/boot/bootfw.zip", containing "bootfw.img" and "bootfw.key"
    • bootfw.img is the usual OFW image format
    • bootfw.key is ASN.1 as defined by the bios_crypto (Whirl->RSA, SHA512->RSA, Whirl->ECC521, SHA512->ECC521)
  • ??? How does the OS verify that the new firmware has been loaded so it can delete the bootfw.zip file? By checking the firmware version?

Process

  1. If OFW fails to come up correctly, a firmware recovery procedure is attempted - details TBD.
  2. OFW checks for a new firmware image. If one exists and verifies, OFW reflashes itself and reboots.
  3. OFW locks out further SPI FLASH writing with the hardware lock.
  4. If a valid developer key is present, OFW enters non-secure mode, where it behaves as it currently does. Otherwise ...
  5. If an activation key is present and valid (fill in details), OFW verifies and boots the normal OS image. If that fails, OFW tries the normal OS image in the secondary directory.
  6. Otherwise, OFW verifies and boots the activation image. If that fails, OFW tries the activation image in the secondary directory.
  7. If none of the above booting steps succeed, OFW displays an error screen and halts.
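The following is an added example, not OFW or OLPC code, that models the two rule sets above in one place: the archive layout rules from the Files section (stored entries only, no path components, exactly the named members) and the boot-order decision of steps 4 to 7 of the Process section (developer key, activation key, primary then secondary directory, activation image, halt). The NAND filesystem is a dict from path to bytes. The real SHA256->ECC256 check done by bios_crypto is not reproduced; `demo_sign`/`demo_sig_ok`/`demo_key_ok` are constructed stand-ins (a tagged SHA-256 of the image, and a fixed key blob), and the activation key is matched by the "/boot/lease." prefix because its extension is still TBD. The example also reads step 6's "Otherwise" as covering an activated laptop whose normal OS image fails in both directories; that reading is an assumption.

```python
import hashlib
import io
import zipfile

DEV_KEY = "/boot/develop.key"
LEASE_PREFIX = "/boot/lease."      # extension TBD on the page (assumption)
BOOT_DIRS = ("/boot", "/boot-alt")  # primary, then secondary


def make_archive(members, compression=zipfile.ZIP_STORED):
    """Build a zip in memory. The page requires stored entries and flat names;
    `compression` is a parameter only so the checks below can be exercised."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=compression) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def check_archive_layout(blob, expected):
    """Return (ok, reason). Reject compressed entries, path components and any
    member set other than `expected`, so the loader never needs deflate."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return False, "not a zip archive"
    with zf:
        names = set()
        for info in zf.infolist():
            if info.compress_type != zipfile.ZIP_STORED:
                return False, f"{info.filename}: compressed entry"
            if "/" in info.filename or "\\" in info.filename:
                return False, f"{info.filename}: path component present"
            names.add(info.filename)
    if names != set(expected):
        return False, f"members {sorted(names)} != {sorted(expected)}"
    return True, "ok"


def verify_image(fs, path, img_name, key_name, sig_ok):
    """Load and verify one signed image archive; returns image bytes or None.
    sig_ok(img, key) stands in for bios_crypto's SHA256->ECC256 verification."""
    blob = fs.get(path)
    if blob is None:
        return None
    ok, _reason = check_archive_layout(blob, {img_name, key_name})
    if not ok:
        return None
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        img, key = zf.read(img_name), zf.read(key_name)
    return img if sig_ok(img, key) else None


def select_boot(fs, sig_ok, key_ok):
    """Steps 4-7 of the Process section. Returns (mode, image bytes or None).
    Assumption: step 6's "Otherwise" also covers an activated laptop whose
    normal OS image fails in both directories."""
    dev = fs.get(DEV_KEY)
    if dev is not None and key_ok(dev):
        return "non-secure", None          # step 4: behaves as today
    leases = [v for p, v in fs.items() if p.startswith(LEASE_PREFIX)]
    if any(key_ok(lease) for lease in leases):
        for d in BOOT_DIRS:                # step 5: normal OS, primary then alt
            img = verify_image(fs, d + "/os.zip", "os.img", "os.key", sig_ok)
            if img is not None:
                return "normal", img
    for d in BOOT_DIRS:                    # step 6: activation image
        img = verify_image(fs, d + "/activate.zip", "os.img", "os.key", sig_ok)
        if img is not None:
            return "activation", img
    return "halt", None                    # step 7


# --- constructed stand-ins for the demo; NOT the bios_crypto ASN.1 format ---
def demo_sign(img):
    """Stand-in 'os.key': a tagged SHA-256 of the image, no ECC signature."""
    return b"DEMO-SHA256:" + hashlib.sha256(img).hexdigest().encode()


def demo_sig_ok(img, key):
    return key == demo_sign(img)


def demo_key_ok(key):
    return key == b"DEMO-VALID-KEY"


def demo_nand(activated=True, corrupt_primary=False):
    """Constructed NAND contents following the page's /boot layout."""
    normal, activate = b"bzImage-normal", b"bzImage-activate"
    fs = {
        "/boot/os.zip": make_archive({"os.img": normal, "os.key": demo_sign(normal)}),
        "/boot-alt/os.zip": make_archive({"os.img": normal, "os.key": demo_sign(normal)}),
        "/boot/activate.zip": make_archive({"os.img": activate, "os.key": demo_sign(activate)}),
    }
    if activated:
        fs["/boot/lease.xxx"] = b"DEMO-VALID-KEY"
    if corrupt_primary:
        fs["/boot/os.zip"] = b"not a zip at all"
    return fs


if __name__ == "__main__":
    for kwargs in ({}, {"corrupt_primary": True}, {"activated": False}):
        mode, img = select_boot(demo_nand(**kwargs), demo_sig_ok, demo_key_ok)
        print(kwargs, "->", mode, img)
```

The layout check runs before any signature work so that a compressed or path-bearing archive is rejected without the loader having to implement deflate or directory handling; a corrupt or unsigned primary archive simply makes `verify_image` return None, which is what sends the loader to /boot-alt.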