TEE Subsystem Proposed For Linux 4.12 Kernel

  • TEE Subsystem Proposed For Linux 4.12 Kernel

    Phoronix: TEE Subsystem Proposed For Linux 4.12 Kernel

    Linaro developers are hoping to merge the generic TEE subsystem into the Linux 4.12 kernel this spring...


  • #2
    The word "trusted" in this context means that companies can trust that their code runs on your device and that you can not read, write, access, detect or tamper with it.
    It means that their code can run in a trusted execution environment that is secure from you.



  • #3
    Originally posted by uid313:
    The word "trusted" in this context means that companies can trust that their code runs on your device and that you can not read, write, access, detect or tamper with it.
    It means that their code can run in a trusted execution environment that is secure from you.
    And that is bad because? If you buy software/services that need this bullshit, you are fine with that.


  • #4
    How hard would it be, given that this is in a Linux kernel, to get control of the TEE subsystem to make a system YOU can trust instead of the hardware vendor? An obvious use-case would be keeping LUKS disk keys somewhere no online attacker could ever read and export them even after getting root, without having to reinstall the entire OS, change the setting of a hardware switch, reprovision keys from another, different OS that has no network access, or some other such thing.

    The ultimate goal here would be on x86 to get control of PSP/IME processors and use them with new firmware signed with YOUR key to validate your firmware, your bootloader, your kernel, and your initramfs, then handle decrypting the disk. Once booted, no access from inside the OS, and an attacker with physical access needs your private key to replace anything. Lastly, the whole system set up to accept only one key at a time and no others. Same idea on ARM, as that would give user-controlled phones, tablets, and ARM laptops. For laptops only one vendor's hardware needs to work to provide a source of ultra-secure machines, and for phones a single known user unlock/user re-lock capable phone on the market would again be enough.

    Now you'd have a laptop that can possibly be rendered safe after passing through the hands of a hostile police agency (or airport/customs "inspection") by replacing the keyboard and carefully checking for any hardware additions or replacements. Same for an ARM phone set up that way: the potential to recover trust in a device that has had untrusted or explicitly hostile access. How would this work? By creating a situation where if they add their keys and their software, yours no longer works, just like if they changed your email passphrase.

    Remember: they thought they could control access to movies on Blu-Ray and even on DVD at one time. They thought they could lock consoles until modchips (legal or otherwise) came along.
    Last edited by Luke; 15 March 2017, 07:48 PM.


  • #5
    Originally posted by Luke:
    The ultimate goal here would be on x86 to get control of PSP/IME processors and use them with new firmware signed with YOUR key to validate your firmware, your bootloader, your kernel, and your initramfs, then handle decrypting the disk. Once booted, no access from inside the OS, and an attacker with physical access needs your private key to replace anything. Lastly, the whole system set up to accept only one key at a time and no others. Same idea on ARM, as that would give user-controlled phones, tablets, and ARM laptops. For laptops only one vendor's hardware needs to work to provide a source of ultra-secure machines, and for phones a single known user unlock/user re-lock capable phone on the market would again be enough.
    Unfortunately, things like the PSP and IME tend to be secured by signing keys burned into the motherboard chipset (e.g. Intel Boot Guard)... so, unless you can un-blow a programming fuse...

    Originally posted by Luke:
    Remember: they thought they could control access to movies on Blu-Ray and even on DVD at one time. They thought they could lock consoles until modchips (legal or otherwise) came along.
    Modchips are possible because consoles are mass-produced with identical hardware.


  • #6
    Originally posted by phoronix:
    Phoronix: TEE Subsystem Proposed For Linux 4.12 Kernel

    Linaro developers are hoping to merge the generic TEE subsystem into the Linux 4.12 kernel this spring...

    http://www.phoronix.com/scan.php?pag...-TEE-Subsystem
    I agree with Luke, this could indeed be used to create a user/owner-trusted environment within their device even if the NSA/FBI have backdoors into the device via the Intel Out-Of-Band services in the Skylake+ blobs.

    Bravo, I would like very much to see this support. And have it as an un-loadable kernel module for when we don't want it, lol.


  • #7
    Originally posted by Luke:
    How hard would it be, given that this is in a Linux kernel, to get control of the TEE subsystem to make a system YOU can trust instead of the hardware vendor?
    This is just an interface for a hardware feature. You can use it for what you said, but you can't take control of the security coprocessors doing it. Like for TPMs, anyway.

    Replacing the security coprocessor firmware is not really possible, as said above: they are using signed blobs and secret hardware, and also Intel is very likely to go porcupine on anyone doing serious modding in this area.

    They thought they could lock consoles until modchips (legal or otherwise) came along.
    As electronics get more and more integrated, the ability to make modchips shrinks, as you can't make a modchip if all the stuff you need to hack is inside the same silicon.
    Also, the complexity is increasing exponentially compared to hacking consoles or dumb DVD readers.


  • #8
    Originally posted by starshipeleven:
    And that is bad because? If you buy software/services that need this bullshit, you are fine with that.
    It is bad because before, software/services weren't able to do that. Now that they are able to do it, they are and will.
    If you are not fine with it, it's not like you have many alternative software/services to choose from.

    All your friends are playing a game, they want to play with you and you want to play it too.
    Either install that game, or be the uncool friend who is left out, not playing with the others, not knowing what they're talking about, or getting new friends?

    You bring home a girl and want to watch Netflix and chill, oh wait, you don't have Netflix.

    You want to enjoy your life and listen to music, and have friends send you links to music on Spotify, then you need Spotify.
    Or are you going to bother to hunt down random MP3 files from random shady internet websites?


  • #9
    Originally posted by uid313:
    It is bad because before, software/services weren't able to do that. Now that they are able to do it, they are and will.
    If you are not fine with it, it's not like you have many alternative software/services to choose from.

    All your friends are playing a game, they want to play with you and you want to play it too.
    Either install that game, or be the uncool friend who is left out, not playing with the others, not knowing what they're talking about, or getting new friends?

    You bring home a girl and want to watch Netflix and chill, oh wait, you don't have Netflix.

    You want to enjoy your life and listen to music, and have friends send you links to music on Spotify, then you need Spotify.
    Or are you going to bother to hunt down random MP3 files from random shady internet websites?
    You don't need Spotify to listen to Spotify music links, you can use Tomahawk Player for that.
    As for Netflix: fair point, but you can also run Netflix on your Smart TV (like we do) so your laptop can stay blob-free then.


  • #10
    Originally posted by uid313:
    It is bad because before, software/services weren't able to do that. Now that they are able to do it, they are and will.
    Software or media always had the same licenses; this is just better enforcement of it. I don't see how you see better enforcement as bad.

    When you buy a game or media you are NOT buying the game/media, but only a license to play it from that specific file/support and with many strings attached.

    The fact that you could break the license by cracking or doing other illegal stuff does not make the license less bad. Because stealing does not mean you "own" stuff, it only makes you a thief.

    If you are not fine with it, it's not like you have many alternative software/services to choose from.
    That's the only way to keep alternatives alive, so yes, choose alternatives, period.

    All your friends are playing a game, they want to play with you and you want to play it too.
    Either install that game, or be the uncool friend who is left out, not playing with the others, not knowing what they're talking about, or getting new friends?
    Having principles has always forced you to make hard choices, welcome to the Grown-up Land.

    This is called peer pressure and is how many people start smoking, btw. Being able to resist peer pressure is a good thing in Grown-up Land.

    You bring home a girl and want to watch Netflix and chill, oh wait, you don't have Netflix.
    This is known in advance, so it's reasonable to assume that you plan your time with girls accordingly, or even better you find a girl with similar principles.

    You want to enjoy your life and listen to music, and have friends send you links to music on Spotify, then you need Spotify.
    Or are you going to bother to hunt down random MP3 files from random shady internet websites?
    Or buying the song DRM-free from iTunes or Google Play, or using sites dedicated to DRM-free music: https://www.defectivebydesign.org/guide/audio

    Then you can be the one that is sending them links about music or stores they likely won't have heard/seen and spread the alternatives, which is the only way to fight this battle.
    Last edited by starshipeleven; 16 March 2017, 06:19 AM.