Sorry, you need to enable JavaScript to visit this website.

Security technologies and the Minnowboard Max

vzimmer's picture

Overview

This note describes the background on security usages on the Minnowboard Max [2] platform based upon EDK II-based [1] firmware [3] and silicon firmware. The features include implementations of UEFI [3] Secure Boot and TCG [4] Measured Boot.

Background

The need for these security technologies and value have been discussed in various venues, including recent security conferences [6]. At this conference, the ability to have open source implementations of the features was reviewed as an opportunity to engage with developers and researchers, both to show the design intent of the standards reduced to practice and allow for developer, maker, and researcher innovation. As such, the implementation of these features on Minnowboard MAX are not ‘on-by-default’ nor is the underlying UEFI firmware locked down,in order to allow exploration and experimentation.

Modern OS’ today have increased capabilities to leverage TPM chipset support. For example, Microsoft recently announced that Windows 10 supports TPMs [25].

The implementation of the features are in the Security Package of EDK II [7][8]. The capabilities, like all features of UEFI and TCG, are OS-agnostic. As such, UEFI Secure boot has been evolved by the Linux community, too [9].

On the Minnowboard MAX, the UEFI Secure Boot default keys are not provisioned, but there are various solutions to create the keying material [10][11][26]. Since the MAX doesn't have pre-provisioned keys, like a PK and KEK, work flows like [26] will allow for experimentation with the feature.

An overview of UEFI Secure Boot and Measured boot [12][13] can be found, along with implementation descriptions of the SecurityPkg [8] in various write ups [14][15][16]. Android use of UEFI Secure Boot [28] has been enabled, too.

The 0.79 release of the Minnowboard MAX firmware already supports UEFI Secure Boot [19], too.

The above description of Measured Boot, which leverages the Trusted Platform Module (TPM) [5][17], can be implemented with either a discrete or an integrated TPM. Chapter 7 of [18] describes Intel® Platform Trust Technology (PTT), which is an instance of the integrated TPM. As noted in this same chapter, the Baytrail SoC that is used on Minnowboard MAX is one hardware device that supports PTT.

PTT is implemented in the SoC itself, namely with a combination of hardware and the SEC/TXE firmware [19]. The only update from [18] description is that the PTT on Minnowboad MAX will support the TPM 2.0 command set [5], not TPM 1.2. A good description of the TPM2.0 capabilities can also be found in [21].  Various OS support for Measured Boot is available, too [22][23].

From enabling the community, the above-listed SEC/TXE firmware binary is distinct from the UEFI PI-based firmware modules. As such the 0.79 release of the MinnowMax firmware doesn’t include a richer SEC/TXE binary that enables PTT, but a future MinnowMax release is exploring enabling this feature for the community. This upcoming support includes the ability to integrate the PTT-ready SEC/TXE firmware binary into the full solution.  With this in hand, a future release of the MinnowMax board firmware can include updated UEFI DXE drivers to support TCG Measured Boot on PTT [15][20] alongside UEFI Secure Boot.

This PTT-based measured boot is now available in the .80 firmware release [27].

SoC devices often use I2C and SPI attached TPM's, too. Support for these additional buses can be added to the community project in the future, too, by TPM vendors and others. 

Conclusion

Open hardware and security are not mutually exclusive. Openness in both the hardware design and firmware allows for community based collaboration and review. Given the defender's dilemma [6] wherein the defender has to get everything right, but the attacker only has to find a single flaw, openness allows for enabling Linus's Law "given enough eyeballs, all bugs are shallow" [24].

References

[1] EFI Developer Kit II (EDK II) http://www.tianocore.org/edk2/

[2] Minnowboard MinnowMax project http://elinux.org/Minnowboard:MinnowMax

[3] Minnowboard MAX firmware http://firmware.intel.com/projects/minnowboard-max

[4] Unified Extensible Firmware Interface (UEF) http://www.uefi.org

[5] Trusted Computing Group (TCG) http://www.trustedcomputinggroup.org  

[6] Vincent Zimmer, “UEFI, Open Platforms, and the Defender’s Dilemma,” CanSecWest 2015, March 18, 2015, https://cansecwest.com/slides/2015/UEFI%20open%20platforms_Vincent.pptx

[7] SecurityPkg wiki http://tianocore.sourceforge.net/wiki/SecurityPkg

[8] EDK II Security Package https://github.com/tianocore/edk2-SecurityPkg

[9] Gary Lin, Philip Oswald, Vincent Zimmer, “UEFI Secure Boot in Linux,” Intel Developer Forum, San Francisco, September 11, 2013 http://intelstudios.edgesuite.net/idf/2013/sf/aep/STTS002/STTS002.html  

[10] Microsoft, “Secure Boot Key Generation”, https://technet.microsoft.com/en-us/library/dn747881.aspx

[11] James Bottomley, “UEFI Secure Boot”, http://blog.hansenpartnership.com/uefi-secure-boot/  

[12] Vincent Zimmer, Shiva Dasari, Sean Brogan, “Trusted Platforms:  UEFI, PI, and TCG-based firmware,” Intel/IBM whitepaper, September 2009, http://www.cs.berkeley.edu/~kubitron/courses/cs194-24-S14/hand-outs/SF09_EFIS001_UEFI_PI_TCG_White_Paper.pdf    

[13] Magnus Nystrom, Martin Nicholes, Vincent Zimmer, "UEFI Networking and Pre-OS Security," in Intel Technology Journal - UEFI Today:  Boostrapping the Continuum, Volume 15, Issue 1, pp. 80-101, October 2011, ISBN 978-1-934053-43-0, ISSN 1535-864X http://www.intel.com/content/www/us/en/research/intel-technology-journal/2011-volume-15-issue-01-intel-technology-journal.html

[14] Lee Rosenbaum, Vincent Zimmer, “A Tour Beyond BIOS into UEFI Secure Boot,” July 2012 http://sourceforge.net/projects/edk2/files/General%20Documentation/A_Tour_Beyond_BIOS_into_UEFI_Secure_Boot_White_Paper.pdf/download

[15] Jiewen Yao, Vincent Zimmer, “A Tour Beyond BIOS Implementing TPM2 Support in EDKII”, September 2014 https://firmware.intel.com/sites/default/files/resources/A_Tour_Beyond_BIOS_Implementing_TPM2_Support_in_EDKII.pdf

[16] Jiewen Yao, Vincent Zimmer, “A Tour Beyond BIOS Implementing UEFI Authenticated Variables in SMM with EDK II,” September 2014 https://firmware.intel.com/sites/default/files/resources/A_Tour_Beyond_BIOS_Implementing_UEFI_Authenticated_Variables_in_SMM_with_EDKII.pdf

[17] Trusted Platform Module http://en.wikipedia.org/wiki/Trusted_Platform_Module

[18] Xiaoyu Ruan, “Platform Embedded Security Technology”, Apress 2014 http://www.apress.com/apressopen/9781430265719

[19] MinnowBoard MAX release notes http://firmware.intel.com/sites/default/files/MinnowBoard.MAX_.0.79.BIN-ReleaseNotes.txt

[20] Measured Boot implementation in EDK II https://github.com/tianocore/edk2-SecurityPkg/tree/master/Tcg

[21] Will Arthur, David Challener, “A Practical Guide to TPM 2.0,” APress 2015 http://www.apress.com/9781430265832

[22] Linux TPM 2.0 support http://www.phoronix.com/scan.php?page=news_item&px=MTgxNDg

[23] Windows TPM 2.0 support https://technet.microsoft.com/en-us/library/jj131725.aspx

[24] Linus's Law http://en.wikipedia.org/wiki/Linus%27s_Law

[25] Microsoft, "Building More Secure Windows 10 Devices with the TPM," March 19, 2015,  http://channel9.msdn.com/Events/WinHEC/2015/WHT208

[26] Signing Applications and Drivers for UEFI Secure Boot, Version 1.0, April 2012 

http://www.mirrorservice.org/sites/downloads.sourceforge.net/e/ed/edk2/General%20Documentation/SigningUefiImages%20-v1dot0.pdf

[27] 0.80 MinnowBoard Max release 

https://firmware.intel.com/sites/default/files/MinnowBoard.MAX_.0.80.BIN-ReleaseNotes.txt

[28] Android and use of UEFI Secure Boot 

https://lwn.net/Articles/638627/

https://events.linuxfoundation.org/images/stories/slides/abs2013_boie.pdf