Secure deploy of keys

Diego Zuccato diego.zuccato at unibo.it
Fri Dec 16 07:17:27 CET 2022


On 15/12/2022 18:15, Toomas Tamm via linux-fai wrote:

> Some things that I can imagine that could mitigate such risks would be:
> - Inputting some secret on the physical machine during install (from the keyboard, USB stick, etc). This would defeat the idea of "fully automatic" install.
That's a form of "root of trust".

> - Pre-loading a secret onto hardware (is this what you mean by using TPM?).
Yes. TPM (Trusted Platform Module) is a piece of HW that handles crypto 
keys and should be hard to tamper with. At least it would require 
unsupervised physical access to the interior of the machine for quite a 
long time. But once the attacker does have unsupervised physical access 
to the machine, it would be faster to just boot from a USB key and extract 
the files. Unless the TPM is also used for secure boot, but that's another 
can of worms.

> - Time-limiting the availability of secrets and/or some component of FAI. Most of us probably do not install clients every day, all day.
That shouldn't be too hard. Just make secrets available only during 
install. Once the machine is installed it calls a hook to close the 
access to the secrets.

> - Monitoring of installation processes and flagging abnormal activities. This would not prevent successful attacks, but possible breaches could be patched up, eg keys replaced afterwards.
This seems harder.

-- 
Diego Zuccato
DIFA - Dip. di Fisica e Astronomia
Servizi Informatici
Alma Mater Studiorum - Università di Bologna
V.le Berti-Pichat 6/2 - 40127 Bologna - Italy
tel.: +39 051 20 95786
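Added example (not from this thread or the FAI project) of the "secrets available only during install, closed by a hook" idea above: a per-host secret window on the install server, with a hard expiry as a backstop in case the post-install hook never runs. The function names, WINDOW_DIR and MAX_WINDOW_SECS are assumptions.

```shell
#!/bin/sh
# Added example, not FAI's own code. Assumptions: secrets live under
# $WINDOW_DIR on the install server, each client gets a per-host entry
# while it is installing, and the client's post-install hook calls
# close_window as its last step.
WINDOW_DIR="${WINDOW_DIR:-$(mktemp -d)}"
MAX_WINDOW_SECS="${MAX_WINDOW_SECS:-1800}"   # upper bound even if the hook never fires

# open_window HOST SECRET: start the install window for HOST (constructed
# secret value; a real deployment would generate or fetch it here).
open_window() {
    umask 077                                # files readable by the server user only
    printf '%s\n' "$2" > "$WINDOW_DIR/$1.secret"
    date +%s > "$WINDOW_DIR/$1.opened"
}

# close_window HOST: called by the post-install hook; revokes the secret.
close_window() {
    rm -f "$WINDOW_DIR/$1.secret" "$WINDOW_DIR/$1.opened"
}

# fetch_secret HOST: print the secret only while HOST's window is open and
# younger than MAX_WINDOW_SECS; an expired window is revoked, not served.
fetch_secret() {
    [ -f "$WINDOW_DIR/$1.opened" ] || return 1
    opened=$(cat "$WINDOW_DIR/$1.opened")
    now=$(date +%s)
    if [ $((now - opened)) -gt "$MAX_WINDOW_SECS" ]; then
        close_window "$1"
        return 1
    fi
    cat "$WINDOW_DIR/$1.secret"
}
```

Serving fetch_secret only to the address that requested the install, and logging every open/close, is what makes the "monitoring" item in the thread tractable.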
