Hello Masato Fukumori,
To check a "validity period" of an X.509 certificate, you must be sure that your system date & time is set, correct and not changed. Do you have a reliable way to achieve this?
Best regards, Andrej Butok
From: TF-A <tf-a-bounces@lists.trustedfirmware.org> On Behalf Of fukumori.masato--- via TF-A
Sent: Thursday, December 10, 2020 2:23 PM
To: 'tf-a@lists.trustedfirmware.org' <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] Question about validity period of X509 certificate
Hello.
I have a question about checking the X.509 certificate with tf-a. My understanding is that tf-a does not check the "validity period" of the X.509 certificate. I'm not sure why tf-a doesn't check. Does anyone know this background?
Best Regards, Masato Fukumori
Hello Andrej
I think one way is to implement the RTC as a secure RTC, and have it configured by a secure entity like a BMC. Is there a reliability issue with this?
Best Regards, Masato Fukumori
From: Andrej Butok <andrey.butok@nxp.com>
Sent: Thursday, December 10, 2020 10:33 PM
To: Fukumori, Masato/福森 将人 <fukumori.masato@fujitsu.com>
Cc: tf-a <tf-a@lists.trustedfirmware.org>
Subject: RE: Question about validity period of X509 certificate
Hello Masato Fukumori,
To check a "validity period" of an X.509 certificate, you must be sure that your system date & time is set, correct and not changed. Do you have a reliable way to achieve this?
Best regards, Andrej Butok
Hello Masato Fukumori,
So, we need a “secure” RTC, a “secure” entity to initialize/set it before the RTX can be used. And it should be ready from the very beginning, during a secure boot. Yes, this check may be enabled.
Thanks, Andrej
From: fukumori.masato@fujitsu.com <fukumori.masato@fujitsu.com>
Sent: Thursday, December 10, 2020 2:59 PM
To: Andrej Butok <andrey.butok@nxp.com>
Cc: tf-a <tf-a@lists.trustedfirmware.org>
Subject: RE: Question about validity period of X509 certificate
Hello Andrej
I think one way is to implement the RTC as a secure RTC, and have it configured by a secure entity like a BMC. Is there a reliability issue with this?
Best Regards, Masato Fukumori
Hello Andrej
Let me add an additional explanation. I use the term “secure” RTC to mean:
- From the host CPU side, the RTC could be accessed only by secure access.
- The RTC is not integrated in the SoC.
- The RTC is connected by an external bus like I2C to the CPU and BMC.
- The RTC is configured by the BMC before starting a secure boot.
Let me ask you a question from another point of view. If tf-a does not check the validity period, are there any security concerns? I am particularly concerned about the security of debug certificates. I know tf-a does not support debug certificates, but if tf-a does, I think some protection is needed because a debug certificate does not have tolerance against replay attacks, at least in my recognition.
Best Regards, Masato Fukumori
From: Andrej Butok <andrey.butok@nxp.com>
Sent: Thursday, December 10, 2020 11:31 PM
To: Fukumori, Masato/福森 将人 <fukumori.masato@fujitsu.com>
Cc: tf-a <tf-a@lists.trustedfirmware.org>
Subject: RE: Question about validity period of X509 certificate
Hello Masato Fukumori,
So, we need a “secure” RTC, a “secure” entity to initialize/set it before the RTX can be used. And it should be ready from the very beginning, during a secure boot. Yes, this check may be enabled.
Thanks, Andrej
Hello Masato Fukumori,
> I am particularly concerned about the security of debug certificates.
As far as I know, on-chip secure debug uses a challenge/response authentication mechanism. It means a certificate is not sent to the MCU/MPU device. But certificates are used by debug tools on the PC side, so these tools can check this period.
Best regards, Andrej
From: fukumori.masato@fujitsu.com <fukumori.masato@fujitsu.com>
Sent: Friday, December 11, 2020 1:56 AM
To: Andrej Butok <andrey.butok@nxp.com>
Cc: tf-a <tf-a@lists.trustedfirmware.org>
Subject: RE: Question about validity period of X509 certificate
Hello Andrej
Let me add an additional explanation. I use the term “secure” RTC to mean:
- From the host CPU side, the RTC could be accessed only by secure access.
- The RTC is not integrated in the SoC.
- The RTC is connected by an external bus like I2C to the CPU and BMC.
- The RTC is configured by the BMC before starting a secure boot.
Let me ask you a question from another point of view. If tf-a does not check the validity period, are there any security concerns? I am particularly concerned about the security of debug certificates. I know tf-a does not support debug certificates, but if tf-a does, I think some protection is needed because a debug certificate does not have tolerance against replay attacks, at least in my recognition.
Best Regards, Masato Fukumori
tf-a@lists.trustedfirmware.org
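An added example, not part of the original thread and not TF-A code: one way a validity-period check could be gated on the secure RTC discussed above, reporting a distinct result (and never "valid") when the clock was not set by the secure entity. `struct trusted_time`, `set_by_bmc`, the enum and the function names are hypothetical, and the dates are constructed sample values.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical view of the secure RTC from the thread: set_by_bmc is true
 * only if the secure entity programmed the clock before secure boot. */
struct trusted_time { int set_by_bmc; int64_t epoch; };
enum validity { CERT_TIME_OK, CERT_NOT_YET_VALID, CERT_EXPIRED,
                CERT_TIME_UNTRUSTED, CERT_TIME_MALFORMED };

static int two(const char *p) {          /* two ASCII digits, or -1 */
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9') return -1;
    return (p[0] - '0') * 10 + (p[1] - '0');
}

/* Parse ASN.1 UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)
 * to seconds since 1970-01-01 UTC; -1 on bad syntax, out-of-range fields
 * or dates before 1970. */
int64_t asn1_time_to_epoch(const char *s) {
    size_t n = strlen(s);
    int v[6], i, cc = -1;
    int64_t y, doy, days;
    if ((n != 13 && n != 15) || s[n - 1] != 'Z') return -1;
    if (n == 15) { if ((cc = two(s)) < 0) return -1; s += 2; }
    for (i = 0; i < 6; i++)
        if ((v[i] = two(s + 2 * i)) < 0) return -1;
    /* RFC 5280: UTCTime years 00-49 mean 20xx, 50-99 mean 19xx. */
    y = (cc >= 0 ? cc * 100 : (v[0] < 50 ? 2000 : 1900)) + v[0];
    if (y < 1970 || v[1] < 1 || v[1] > 12 || v[2] < 1 || v[2] > 31 ||
        v[3] > 23 || v[4] > 59 || v[5] > 59) return -1;
    if (v[1] <= 2) y--;                  /* March-based year for leap days */
    doy = (153 * (v[1] > 2 ? v[1] - 3 : v[1] + 9) + 2) / 5 + v[2] - 1;
    days = (y / 400) * 146097 + (y % 400) * 365 + (y % 400) / 4
         - (y % 400) / 100 + doy - 719468;
    return ((days * 24 + v[3]) * 60 + v[4]) * 60 + v[5];
}

/* Validity-period check that fails closed when time is not trustworthy. */
enum validity check_validity(const struct trusted_time *now,
                             const char *not_before, const char *not_after) {
    int64_t nb = asn1_time_to_epoch(not_before);
    int64_t na = asn1_time_to_epoch(not_after);
    if (nb < 0 || na < 0 || nb > na) return CERT_TIME_MALFORMED;
    if (now == NULL || !now->set_by_bmc) return CERT_TIME_UNTRUSTED;
    if (now->epoch < nb) return CERT_NOT_YET_VALID;
    if (now->epoch > na) return CERT_EXPIRED;
    return CERT_TIME_OK;
}
int main(void) {
    struct trusted_time rtc = { 1, 1607558400 };  /* constructed: 2020-12-10 UTC */
    return check_validity(&rtc, "200101000000Z", "210101000000Z") != CERT_TIME_OK;
}
```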