Secure deploy of keys
Diego Zuccato
diego.zuccato at unibo.it
Fri Dec 16 07:17:27 CET 2022
On 15/12/2022 18:15, Toomas Tamm via linux-fai wrote:
> Some things that I can imagine that could mitigate such risks would be:
> - Inputting some secret on the physical machine during install (from the keyboard, USB stick, etc). This would defeat the idea of "fully automatic" install.
That's a form of "root of trust".
> - Pre-loading a secret onto hardware (is this what you mean by using TPM?).
Yes. TPM (Trusted Platform Module) is a piece of HW that handles crypto
keys and should be hard to tamper with. At least it would require
unsupervised physical access to the interior of the machine for quite a
long time. But once the attacker does have unsupervised physical access
to the machine, it would be faster to just boot from USB key and extract
the files. Unless TPM is also used for secure boot, but that's another
can of worms.
> - Time-limiting the availability of secrets and/or some component of FAI. Most of us probably do not install clients every day, all day.
That shouldn't be too hard. Just make secrets available only during
install. Once the machine is installed it calls a hook to close the
access to the secrets.
> - Monitoring of installation processes and flagging abnormal activities. This would not prevent successful attacks, but possible breaches could be patched up, e.g. keys replaced afterwards.
This seems harder.
--
Diego Zuccato
DIFA - Dip. di Fisica e Astronomia
Servizi Informatici
Alma Mater Studiorum - Università di Bologna
V.le Berti-Pichat 6/2 - 40127 Bologna - Italy
tel.: +39 051 20 95786
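Sketching the "secrets only during install, closed by a hook" idea from the reply above, as an added example that is not part of the thread or of FAI itself: a server-side allowlist that grants an installing host access for a limited window, with a revoke function for the post-install hook. The expiry is a fallback for installs that crash before the hook ever runs. `ALLOW_FILE`, `TTL` and the function names are assumptions, not FAI settings.

```bash
#!/bin/bash
# Added example, not from the thread or from FAI: a minimal allowlist of
# hosts currently permitted to fetch install-time secrets.
# Each line is "<host> <expiry-epoch>". Placeholders: ALLOW_FILE, TTL.

ALLOW_FILE="${ALLOW_FILE:-/tmp/fai-secret-allow.$$}"   # placeholder path
TTL="${TTL:-900}"                                       # 15 min window (assumed)

# revoke_access HOST: the "close" hook. Drops HOST from the allowlist so the
# secrets server stops serving it, even if its window has not expired yet.
revoke_access() {
    local host="$1"
    [ -f "$ALLOW_FILE" ] || return 0
    awk -v h="$host" '$1 != h' "$ALLOW_FILE" > "$ALLOW_FILE.tmp"
    mv "$ALLOW_FILE.tmp" "$ALLOW_FILE"
}

# grant_access HOST [NOW]: called when an install for HOST is kicked off.
# Records HOST with an expiry of NOW + TTL (NOW defaults to the current time).
grant_access() {
    local host="$1" now="${2:-$(date +%s)}"
    revoke_access "$host"                       # never keep two entries
    printf '%s %s\n' "$host" "$((now + TTL))" >> "$ALLOW_FILE"
}

# has_access HOST [NOW]: what the secrets server checks before answering.
# Returns 0 only if HOST is listed and its window has not yet expired, so an
# install that died before calling the hook is still cut off by the TTL.
has_access() {
    local host="$1" now="${2:-$(date +%s)}" expiry
    [ -f "$ALLOW_FILE" ] || return 1
    expiry=$(awk -v h="$host" '$1 == h { print $2 }' "$ALLOW_FILE")
    [ -n "$expiry" ] && [ "$now" -lt "$expiry" ]
}

# Typical wiring (not executed here): the provisioning step runs
# "grant_access client01" before netbooting the client; the last install
# hook calls back to the server, which runs "revoke_access client01".
```

Hosts are matched by the first whitespace-separated field, so a reverse-resolved name or the client's IP can be used as long as both sides agree on it.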