From: Andy Lutomirski
Date: Mon, 1 Aug 2016 16:12:15 -0700
To: Jason Cooper
Cc: ksummit-discuss@lists.linuxfoundation.org, Kyle McMartin, James Bottomley, Mark Brown, Johannes Berg
Subject: Re: [Ksummit-discuss] Last minute nominations: mcgrof and toshi
In-Reply-To: <20160801225638.GE4541@io.lakedaemon.net>

On Aug 1, 2016 3:56 PM, "Jason Cooper" <jason@lakedaemon.net> wrote:
>
> Hey Andy, Luis, Mimi,
>
> On Mon, Aug 01, 2016 at 02:14:52PM -0700, Andy Lutomirski wrote:
> > Or he could use my old suggestion instead: rather than signing the
> > firmware blob itself, sign a little data structure like this:
> >
> > struct linux_blob_signed_data {
> >     unsigned char magic[8];       // "LINUXSIG" -- for domain separation in case someone messes up
> >     uint32_t version;             // = 1
> >     unsigned char sha256[32];     // SHA256 hash of the blob
> >     uint32_t type;                // what type of thing this is (firmware, etc)
> >     unsigned char description[];  // the remainder of the structure is "iwlwifi-whatever.ucode", etc.
> > };
>
> I would include the length of the blob in here as well.

That's not a bad idea even though length extension doesn't matter here. If nothing else, it'll help mitigate silly DoS attacks in which a bad guy supplies an insanely large blob. On the other hand, any attacker is probably root and can easily DoS us no matter what. It could make the implementation simpler too, I suppose.

If anyone replaced SHA256 with a boneheaded "hash" like Amazon Glacier's, then checking the length is necessary.
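The signed-data structure from the quoted message, extended with the blob length Jason suggests, as an added Python example that is not code from this thread or from the kernel. The field layout (length packed after the hash), the little-endian encoding and the function names are assumptions; the signature over the serialised bytes is left to the caller, and `check_blob` only does what the thread discusses: compare the length before hashing so an oversized blob is rejected cheaply.

```python
import hashlib
import hmac
import struct

MAGIC = b"LINUXSIG"   # domain separation, as in the quoted struct
VERSION = 1
# magic[8], version, type, sha256[32], length  (assumed layout, little-endian)
HEADER = "<8sII32sI"
HEADER_LEN = struct.calcsize(HEADER)  # 52 bytes; description[] follows


def build_signed_data(blob: bytes, blob_type: int, description: str) -> bytes:
    """Serialise the structure that gets signed instead of the raw blob."""
    digest = hashlib.sha256(blob).digest()
    header = struct.pack(HEADER, MAGIC, VERSION, blob_type, digest, len(blob))
    return header + description.encode()


def parse_signed_data(data: bytes) -> dict:
    """Decode the fixed header; reject wrong-domain or unknown-version data."""
    if len(data) < HEADER_LEN:
        raise ValueError("signed data too short")
    magic, version, blob_type, digest, length = struct.unpack(HEADER, data[:HEADER_LEN])
    if magic != MAGIC:
        raise ValueError("bad magic: not a LINUXSIG structure")
    if version != VERSION:
        raise ValueError("unsupported version %d" % version)
    return {"type": blob_type, "sha256": digest, "length": length,
            "description": data[HEADER_LEN:].decode()}


def check_blob(signed_data: bytes, blob: bytes, expected_type: int) -> bool:
    """Check a blob against signed_data whose signature was already verified.

    The signed length is compared with len(blob) *before* hashing, so a
    deliberately huge blob is refused without spending time hashing it.
    """
    fields = parse_signed_data(signed_data)
    if fields["type"] != expected_type:
        return False
    if fields["length"] != len(blob):
        return False  # cheap reject; no hashing of an oversized blob
    return hmac.compare_digest(hashlib.sha256(blob).digest(), fields["sha256"])


if __name__ == "__main__":
    fw = b"constructed firmware bytes, not a real ucode image\n" * 64
    sd = build_signed_data(fw, 1, "iwlwifi-example.ucode")
    print(parse_signed_data(sd)["description"], check_blob(sd, fw, 1))
```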