TBM: Trusted boot module: NLNet sponsored (open hardware) trusted boot module

Presented at Still Hacking Anyway (SHA2017), Aug. 4, 2017, 10:20 p.m. (60 minutes)

The Trusted Boot Module is an open hardware module that enables all kind of devices (routers, embedded boards, laptops, desktops) to boot to a trusted state by loading only trusted code - while keeping the owner of the hardware in control. #PhysicalSecurity #DeviceSecurity The TBM project is an initiative of Whitebox Systems, supported by NLNet Foundation. It is designed to attempt to prevent permanent remote compromise of individual (ARM-based) systems that operate in decentralised networks, but can also work on a smaller scale - for personal devices: laptops, routers, servers, etc. The TBM is packaged as an hardware module external from the ARM processor based system. The TBM requires that a system can boot from a medium that can be forced read-only (e.g. SPI NOR Flash, like most motherboards, laptops, servers and routers) in addition to a UART connection. The TBM board will be open hardware and the software running on the TBM will be open source. The owner (user) of the hardware is in control of the TBM -- the owner is not locked out. The TBM does not attempt to prevent against attacks from local (physical) attackers. It is not an implement of UEFI nor is it a 'classical' TPM. The TBM will bring a system into a known trusted state. It does not make guarantees about the system after bringing it to the initial trusted state, until a reboot - it will then ensure the system is brought to a trusted state again, effectively making remote attacks temporary with no effective way to install a permanent backdoor. The TBM attempts to prevent downgrade attacks, allows for flexible key management (if required), and can, in the most flexible configuration, require multiple parties to sign software that is to be trusted. Combined with reproducible builds, we hope to show that one can construct (and remotely update) secure systems for decentralised systems/networks, within reasonable limitations. The system is aimed to be used, initially in a pilot setting, in the Whitebox system - a decentralized system for controllable exchange of medical information.

Presenters:

• Merlijn B.W. Wajer
  Merlijn Wajer finished his Bachelor of Computer Science at the University of Amsterdam and is currently pursuing a Master of Science in Computational Science at the same university. He loves working on free and open source software. Next to his academical adventures, he is one of the founders of the “Hart voor Internetvrijheid” foundation, a foundation dedicated to protecting anonymity online. He is also a board member at the Amsterdam Hackerspace “Technologia Incognita”.
• Guido van 't Noordende
  Guido van 't Noordende is founder/director of Whitebox Systems, a spin-off of the University of Amsterdam specializing in decentralized, secure, privacy-friendly communication tools for healthcare. Before starting Whitebox Systems in 2013, he was a postdoc at the UvA. Guido van 't Noordende holds a PhD from Vrije Universiteit, where he studied at the Computer Systems department with Frances Brazier and Andrew S. Tanenbaum.

Links:

• https://program.sha2017.org/events/280.html

Similar Presentations:

• 32C3 (2015) / Beyond Anti Evil Maid: Making it easier to avoid low-level compromise, and why you'll still lose
• Black Hat Asia 2019 / Finally, I Can Sleep Tonight: Catching Sleep Mode Vulnerabilities of the TPM with the Napper
• DEF CON 14 (2006) / Trusted Computing: Could it be... SATAN?