[WIP] base: recipes-core: initrdscripts: clear RPMB if aktualizr is configured to use PKCS11 #1115
Conversation
…red to use PKCS11 If aktualizr-lite was configured to used RPMB in order to store it certifactes, the slot used by aktualizr-lite should be cleared in order to prevent keys and certificates for being exposed after a factory reset. Signed-off-by: Bram Vlerick <bram.vlerick@openpixelsystems.org>
|
Still WIP, need to further test but wanted to validate if this would be an acceptable approach. |
|
|
||
| # Reinitializing a PKCS11 token destroys all objects which | ||
| # were associated with that slot. | ||
| pkcs11-tool --module ${ptool_module} --init-token --label "unused" --slot ${AKTUALIZR_SLOT} |
There was a problem hiding this comment.
Here I assume you are using the pkcs11 OP-TEE implementation (due RPMB access), so this call will only really work in a generic way with the right module, as we could have other pkcs11 providers that are not necessarily provided by OP-TEE (e.g. softhsm2, pkcs11-tpm2, etc).
Since we can assume we're using pkcs11 OP-TEE we can search if the module is libckteec, and skip otherwise.
You might also need the sopin to initialize, but needs testing (it is also available in sota.toml if needed).
One other thing, since the pkcs11 OP-TEE implementation requires that the pkcs11 trusted application to be loaded and operational in optee, you will need to make sure tee-supplicant is running before executing this command (libckteec will request the TA to be loaded via tee-supplicant on first access). You can use https://github.com/foundriesio/meta-lmp/blob/main/meta-lmp-base/recipes-core/initrdscripts/initramfs-framework/cryptfs_pkcs11 as a guide, since it is also executed as part of the initrd.
There was a problem hiding this comment.
Here I assume you are using the pkcs11 OP-TEE implementation (due RPMB access), so this call will only really work in a generic way with the right module, as we could have other pkcs11 providers that are not necessarily provided by OP-TEE (e.g. softhsm2, pkcs11-tpm2, etc).
Since we can assume we're using pkcs11 OP-TEE we can search if the module is libckteec, and skip otherwise.
I'm not really familiar with the softhsm2 or tpm2 implementations but if they are both using the PKCS11 interface should this call not be generic? (As long as the right --module parameter is provided)
You might also need the sopin to initialize, but needs testing (it is also available in sota.toml if needed).
Hmm indeed, this call needs an SO pin which will be set during initialisation, No sure if we should re-use the one that was present before or just some static placeholder? I've checked, only the user pin seems to be stored in the sota.toml file. I've got some patches ready to store the hsm_so_pin in fiovb since it's a bit more security sensitive than the user pin but after some testing, even though the spec mentioned when re-initialising you should provide the active SO pin, this does not seem to be enforced in OP-TEE implementation.
One other thing, since the pkcs11 OP-TEE implementation requires that the pkcs11 trusted application to be loaded and operational in optee, you will need to make sure tee-supplicant is running before executing this command (libckteec will request the TA to be loaded via tee-supplicant on first access). You can use https://github.com/foundriesio/meta-lmp/blob/main/meta-lmp-base/recipes-core/initrdscripts/initramfs-framework/cryptfs_pkcs11 as a guide, since it is also executed as part of the initrd.
Thanks for the pointer, I'll have a look at that and add the initialisation.
| fi | ||
| if [ "${keep_docker}" = "true" ]; then | ||
| msg "Keeping current docker content" | ||
| FIND_EXCLUDE="${FIND_EXCLUDE} ! -name 'lib'" | ||
| fi | ||
|
|
||
| cd ${OSTREE_VAR} |
There was a problem hiding this comment.
Not related to this PR, but to help testing this approach you can just call sh and iterate over the commands manually.
Yup, thanks for starting this one, this is the approach I would take as well. |
bravl
changed the title
If aktualizr-lite was configured to used RPMB in order to store it certifactes, the slot used by aktualizr-lite should be cleared in order to prevent keys and certificates for being exposed after a factory reset.