From: Stanislaw Adaszewski
Date: Sat, 12 Nov 2022 20:40:37 +0100
Subject: EFI loader - GELI secrets in memory exposed on exit() ?
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
To: FreeBSD Hackers

Dear All,

Could someone with FreeBSD EFI loader knowledge please confirm my impression that currently the memory is not cleared in any way upon a call to exit() / efi_exit() in the EFI loader? This means that if the loader (for whatever reason) exits instead of booting, the next UEFI boot entry might be able to read any secrets left over on the heap (i.e. GELI passphrase / key)? Would adding explicit_bzero() before efi_main.c:44 [1] address this and other such "cold boot" concerns?

This scenario is particularly clumsy because for "resets" the Platform Reset Mitigation can be engaged (and does engage by default if the TPM is owned), but a simple "exit" from a UEFI app is different. For example, multiple UEFI apps can simply run one after another from the UEFI Shell, clearly without zeroing out all of the physical memory.

Thoughts?
Thank you for your time and consideration.

PS. The work on automatically booting GELI-encrypted installs using TPM2 with more standard TPM provisioning (Shared Storage Key) is almost finished [3]. It works quite beautifully and actually allows storing the key instead of the passphrase, which is faster (avoids computation) and also largely avoids messy use of environment variables, AND EFI variables are no longer used for config, relying instead on files in /efi/freebsd/gkut2. GKUT2 stands for GELI Key Using TPM2. The question above is clearly related to GKUT2 in particular.

[1] https://github.com/freebsd/freebsd-src/blob/main/stand/efi/loader/efi_main.c#L44
[2] https://trustedcomputinggroup.org/wp-content/uploads/Platform-Reset-Attack-Mitigation-Specification.pdf
[3] https://github.com/sadaszewski/freebsd-patch-geli-password-from-tpm2/tree/decrypt

Best regards,
--
Stanislaw
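As an added illustration of the mitigation the question points at (this is not code from the mail, from the GKUT2 patches, or from FreeBSD's loader): a small registry that tracks heap buffers holding secrets and scrubs them in place before they are freed on an exit path, so nothing readable is left behind for whatever the firmware runs next. The names secret_alloc, secret_scrub_all, secret_release_all and buffer_is_zero are hypothetical, and secure_zero is a portable stand-in for explicit_bzero() so the block builds anywhere.

```c
#include <stdlib.h>
/* Portable stand-in for explicit_bzero(): stores through a volatile pointer cannot be
 * dropped by the compiler as dead writes. (Assumption: the real loader would use libsa's explicit_bzero().) */
static void secure_zero(void *p, size_t n) {
	volatile unsigned char *vp = p;
	while (n--) *vp++ = 0;
}
/* Registry of heap buffers that hold secrets (e.g. a GELI passphrase or key). */
#define MAX_SECRETS 8
static struct { void *ptr; size_t len; } secrets[MAX_SECRETS];
static size_t nsecrets;

/* Allocate a buffer and remember it so every exit path can scrub it. */
void *secret_alloc(size_t len) {
	void *p;
	if (nsecrets >= MAX_SECRETS || (p = malloc(len)) == NULL)
		return NULL;
	secrets[nsecrets].ptr = p;
	secrets[nsecrets].len = len;
	nsecrets++;
	return p;
}

/* Zero every registered secret in place; returns the number of bytes scrubbed.
 * Buffers stay allocated so a caller can verify the scrub took effect. */
size_t secret_scrub_all(void) {
	size_t i, total = 0;
	for (i = 0; i < nsecrets; i++) {
		secure_zero(secrets[i].ptr, secrets[i].len);
		total += secrets[i].len;
	}
	return total;
}

/* Scrub, then free: the hook to run before handing control back to the
 * firmware, i.e. ahead of efi_exit() in the scenario from the mail. */
void secret_release_all(void) {
	size_t i;
	secret_scrub_all();
	for (i = 0; i < nsecrets; i++) free(secrets[i].ptr);
	nsecrets = 0;
}

/* True if the buffer is all zero bytes (lets a test confirm the scrub). */
int buffer_is_zero(const void *p, size_t n) {
	const unsigned char *b = p;
	while (n--) if (*b++ != 0) return 0;
	return 1;
}
```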