Tag KV slots as whether or not HMAC operations can reveal results to FW #688
Comments
|
the reason we restrict HMAC tag is DICE based KDFs for Alias keys uses: CDI_NextLevel = HMAC(CDI_CurrentLevel, SHA_Measurement_NextLevel); If FW at lower level was compromised, an attacker could exfiltrate entropy for all future keys: for(i=1;;i++) {CDI_Future = HMAC (CDI_Currentlevel, GuestFutureMeasurement[i];} |
|
FW only has access to its own CDI based on its own measurements though. If, say, the FMC is compromised, when we fix the bug we'll update the FMC, and the new FMC will get a new CDI, which the old buggy FMC never had access to. All future CDIs are therefore secure. |
|
Also, I'm not asking that we relax HMAC restrictions on current CDI values. Those can be tagged such that they have the same restrictions as today: HMAC results need to go back to KV. But separate keys can be tagged differently, to allow HMAC results to be exported to firmware, allowing more use-cases than just DICE. |
|
if derived off the CDI there's a need to be careful they don't leak forward secrecy.
Regards,
Bryan
…________________________________
From: Jeff Andersen
Sent: Friday, January 10, 2025 9:07 AM
To: chipsalliance/caliptra-rtl
Cc: Subscribed
Subject: Re: [chipsalliance/caliptra-rtl] Tag KV slots as whether or not HMAC operations can reveal results to FW (Issue #688)
Also, I'm not asking that we relax HMAC restrictions on current CDI values. Those can be tagged such that they have the same restrictions as today: HMAC results need to go back to KV.
But separate keys can be tagged differently, to allow HMAC results to be exported to firmware, allowing more use-cases than just DICE.
—
Reply to this email directly, view it on GitHub<#688 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABQNTHVENNH5DKR76AOTU4D2J746VAVCNFSM6AAAAABU5EQFPGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKOBTGI4DENJVGY>.
You are receiving this because you are subscribed to this thread.
|
Currently, if a key is in a KV slot, the result of an HMAC operation cannot be revealed to FW. This limits the utility of KV. It would be neat if ROM/FW could tag a given KV slot as saying whether future HMAC operations on that key can have their results revealed to FW.
The text was updated successfully, but these errors were encountered: