09-20, 15:10–15:40 (Europe/Berlin), Social Hub Main Room
Flashkeeper: a device that can be permanently installed on common SOIC-8/WSON flash chips.
It attaches to the chip either by being soldered on, or solderlessly with a peel-and-stick layer and spring-loaded contacts / a low-profile solder-down flex cable, and interfaces with the SPI flash pins for easy PCH<->SPI introspection, write protection, and external reprogramming (unbricking).
For users concerned about physical attacks on their systems, for whom easy access to the SPI flash pins may itself be seen as a risk, a variant including a microcontroller (MCU/FPGA) will also be developed. It allows authenticated external reprogramming and Write Protection (WP) control, and independently verifies the SPI flash image/bootstream against a user-controlled detached signature of it at each boot, before the platform owner types any requested secret that leads to booting the Operating System (OS): the state of the boot chain can then be trusted.
An NLnet-funded project.
References:
- Firmware Security blog “Stateless Laptop” tag
- [1] (2015) Joanna Rutkowska - State considered harmful - A proposal for a stateless laptop (new paper + conference) – Invisible Things Lab blog
- (2015) Joanna Rutkowska paper: State considered harmful
- (2015) 32c3 - lecture: Towards (reasonably) trustworthy x86 laptops
- TXT untrusted, VT-d promises flawed
- To be “trusted”, it would require FOSS SMM code to be jailed behind an SMI Transfer Monitor (STM)
- (2019) OSFC conference - NSA - Eugene Myers - Implementing STM support for Coreboot
- (2019) Digestible high-level article
- [2] (2019) Code merged under coreboot
- STM-PE still not widely deployed in the wild
- [3] (2017) Stateless laptop (Qubes OS blog post - level 2 certification envisioned for 2019)
- Never happened. State still considered harmful and untrustworthy.
- [4] (2019) Trammell Hudson - SpiSpy - Open source SPI emulation
- [5] (2019) Trammell Hudson - TOCTOU blog post (and linked lecture)
- Time of Check / Time of Use (TOCTOU)
- Lots of vulnerabilities discovered, showing Boot Guard failing its promises.
- [6] (2019) Trammell Hudson & Peter Bosch - HITB2019AMS – Lecture: TOCTOU Attacks Against Secure Boot And BootGuard
- The PCH <-> SPI link can be interrupted as needed; here Peter injects speaker interaction to prove that Boot Guard can be bypassed: https://www.youtube.com/watch?v=hx9MS1_1e2c&t=1587s
- [6] (2019) Peter Bosch - Boot Guard TOCTOU CVE-2019-11098 – blog post
- [7] (2019) Trammell Hudson – SpiSpy - Lecture: SPI flash device emulation: open source tools for flash emulation and research
- Lets you see what happens between the PCH and the SPI flash
- TOCTOU proofs
- Analyse timings and the order of reads before the boot ROM has made the machine usable
- The FPGA needs memory and external power before the machine powers up, in order to feed the emulated SPI image from SpiSpy memory
- Good for R&D
- Not aimed at protecting firmware
- Not aimed at end users, at retrofitting, nor at externalizing state
- [8] (2019+) Felix Singer et al. - BootGuard Status project
- A community-driven effort listing which tested platforms ship without fused Boot Guard keys (left in manufacturing mode).
- [9] (2023+) Chips supporting WP (support lost upstream, kept in the Dasharo flashrom fork): https://github.com/Dasharo/flashrom/commit/94083d038020e749a1712074a5f521d3ed78216b#
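The TOCTOU described under [5]/[6] above, and the check the MCU variant of Flashkeeper is meant to perform before the platform boots, as an added example in Python. This is not code from Flashkeeper, SpiSpy or any of the referenced talks: the flash image, the IBB layout and the interposer are all constructed for the example, and a SHA-256 digest held off the flash stands in for the user-controlled detached signature, whose scheme the abstract does not fix.

```python
"""Model of a Boot Guard-style TOCTOU against an SPI flash verifier.

Added example, not code from Flashkeeper, SpiSpy or the referenced talks.
The flash image, the IBB layout and the interposer are constructed here;
a SHA-256 digest kept off the flash stands in for the user-controlled
detached signature the abstract describes.
"""
import hashlib

FLASH_SIZE = 0x1000
IBB_OFFSET, IBB_SIZE = 0x100, 0x200  # constructed layout: "initial boot block"

# Constructed payloads: NOP sled plus a 4-byte tag so a caller can tell which ran.
GOOD_IBB = b"\x90" * (IBB_SIZE - 4) + b"GOOD"
EVIL_IBB = b"\x90" * (IBB_SIZE - 4) + b"EVIL"

# Stand-in for the detached signature: digest of the known-good IBB, held
# outside the flash (on the MCU, in the abstract's scenario).
GOOD_DIGEST = hashlib.sha256(GOOD_IBB).digest()


def make_flash(ibb: bytes) -> bytes:
    """Build a blank (0xFF) flash image with the given IBB at IBB_OFFSET."""
    img = bytearray(b"\xff" * FLASH_SIZE)
    img[IBB_OFFSET:IBB_OFFSET + IBB_SIZE] = ibb
    return bytes(img)


class HonestFlash:
    """A real SPI chip: every read of an address returns the same bytes."""

    def __init__(self, image: bytes):
        self.image = image

    def read(self, off: int, n: int) -> bytes:
        return self.image[off:off + n]


class ToctouInterposer:
    """A SpiSpy-like device between PCH and flash: serve the good image while
    the IBB is being measured, then swap in the tampered image for later reads
    of the same region. swap_after_reads=0 means 'always tampered'."""

    def __init__(self, good: bytes, evil: bytes, swap_after_reads: int = 1):
        self.good, self.evil = good, evil
        self.swap_after = swap_after_reads
        self.ibb_reads = 0

    def read(self, off: int, n: int) -> bytes:
        src = self.good
        if off < IBB_OFFSET + IBB_SIZE and off + n > IBB_OFFSET:  # touches IBB
            self.ibb_reads += 1
            if self.ibb_reads > self.swap_after:
                src = self.evil
        return src[off:off + n]


def boot_vulnerable(flash) -> str:
    """Measure the IBB from flash, then fetch it AGAIN from flash to execute.
    The second read is the TOCTOU window an interposer exploits."""
    measured = flash.read(IBB_OFFSET, IBB_SIZE)
    if hashlib.sha256(measured).digest() != GOOD_DIGEST:
        return "halt"
    executed = flash.read(IBB_OFFSET, IBB_SIZE)
    return "ran:" + executed[-4:].decode()


def boot_hardened(flash) -> str:
    """Read the IBB once into memory the verifier controls, verify that copy,
    execute that copy. Nothing is re-fetched from the bus after the check."""
    ibb = flash.read(IBB_OFFSET, IBB_SIZE)
    if hashlib.sha256(ibb).digest() != GOOD_DIGEST:
        return "halt"
    return "ran:" + ibb[-4:].decode()


if __name__ == "__main__":
    good, evil = make_flash(GOOD_IBB), make_flash(EVIL_IBB)
    print("honest chip, vulnerable verifier:", boot_vulnerable(HonestFlash(good)))
    print("tampered chip, vulnerable verifier:", boot_vulnerable(HonestFlash(evil)))
    print("interposer, vulnerable verifier:", boot_vulnerable(ToctouInterposer(good, evil)))
    print("interposer, hardened verifier:", boot_hardened(ToctouInterposer(good, evil)))
```

boot_vulnerable reads the region twice, once to measure and once to execute, so an interposer that serves good bytes for the first read and tampered bytes afterwards gets its payload run despite a passing measurement. boot_hardened reads once into memory it controls, verifies that copy and executes that copy, so the interposer can only cause a halt. An out-of-band verifier wired directly to the flash, as the MCU variant proposes, sits in the boot_hardened position: it verifies the image before the PCH issues any read at all.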
Heads maintainer, Accessible Security evangelist, full-time Open Source Firmware, Linux plumber by need.