-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is it safe to use a backstop metadata version when initializing trust? #107
Comments
This sounds like a great idea! If I understand correctly it could also improve security for first time downloaders who do not yet have trusted metadata. That being said, we should be careful with the wording in any spec change to avoid requiring any specific configuration of clients. |
This does sound TAP-worthy to me. But I think it could be a very short TAP. :) |
I really like this idea. It reminds me of @trishankatdatadog's suggestion to include a copy of the root metadata, or at least its hash, in the code. This approach would be even better in a file that is attested by trusted boot. I'd love to see a TAP for this. |
This idea is close, but not the same, as the one we've been talking about with regards to pip:
|
While TUF protects against a malicious server tricking a client into rolling back metadata (especially if we can land #106), it doesn't have any protections against an attacker who has local control of the storage device that stores the trusted metadata. In that situation, the attacker could simply replace the trusted metadata with some older version that points at some compromised packages.
On Fuchsia, we support verified boot (see android's documentation for a nice description of it). In short, we establish a chain of trust from a hardware key, which has signed the bootloader, which has signed the kernel, which has signed our critical userspace services. We would like to use this functionality to establish a metadata version backstop to make sure that even if an attacker can modify the local storage, they could only rollback metadata as far back as the backstop version protected by verified boot. If we update this backstop with a high frequency, we can pretty much eliminate the risk of a local rollback attack.
We can think of two approaches for implementing this backstop. First, we can include the backstop metadata in the signed user space image. We would initialize our trust by first loading all the metadata from the immutable signed image, then load the metadata from the mutable storage, then finally load any metadata from the remote repository.
The other idea, but which isn't covered by the spec, we could just bake in the backstop version numbers into the signed user space image. This lets us skip having to actually bake in the metadata in our signed image, which could be useful on a space constrained device. When configured for a backstop, our update flow would be:
Would this be safe to do? If so, I'd be happy to update the spec (or write a TAP) to reflect this change.
The text was updated successfully, but these errors were encountered: