Security: Vulnerable SRK may survive in case of interrupted TPM firmware update
Issue description

Spin-off from issue 854576

In case of owner-authorized TPM firmware update, we weren't always performing a TPM clear after update (see issue 854576 for details), leading to a situation where the vulnerable SRK would remain in place after update installation.

We should surface this situation to the user somehow. Tentative plan is to show a notification. This requires testing the SRK for the ROCA form, surfacing this information to Chrome, and showing UI if appropriate.

Estimated number of affected devices is a couple hundred based on UMA stats indicating TPM firmware update success after retry.

Setting Severity-Medium given that the SRK isn't exposed directly and you need either physical access or a root exploit to get to it.
Aug 14
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform2/+/fc3ff8b861acbcf340b5bfbb5b088f977ed2a184

commit fc3ff8b861acbcf340b5bfbb5b088f977ed2a184
Author: Mattias Nissler <mnissler@chromium.org>
Date: Tue Aug 14 15:53:13 2018

cryptohome: Indicate SRK ROCA vulnerability in TPM status.

This adds a version of the algorithm to check RSA moduli for the ROCA structure that has been exploited to break these keys. The result of the test is exposed in TPM status information retrievable via DBus to allow Chrome to consume it.

BUG= chromium:872746
TEST=New unit test.

Change-Id: Ibfe282c1822293345e8d7be5792f00497b983779
Reviewed-on: https://chromium-review.googlesource.com/1169207
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[modify] https://crrev.com/fc3ff8b861acbcf340b5bfbb5b088f977ed2a184/cryptohome/tpm_manager_v1.cc
[modify] https://crrev.com/fc3ff8b861acbcf340b5bfbb5b088f977ed2a184/cryptohome/tpm2_impl.cc
[modify] https://crrev.com/fc3ff8b861acbcf340b5bfbb5b088f977ed2a184/cryptohome/tpm_impl.cc
[modify] https://crrev.com/fc3ff8b861acbcf340b5bfbb5b088f977ed2a184/cryptohome/tpm_manager_v2.cc
[modify] https://crrev.com/fc3ff8b861acbcf340b5bfbb5b088f977ed2a184/cryptohome/cryptolib_unittest.cc
[modify] https://crrev.com/fc3ff8b861acbcf340b5bfbb5b088f977ed2a184/cryptohome/cryptolib.cc
[modify] https://crrev.com/fc3ff8b861acbcf340b5bfbb5b088f977ed2a184/cryptohome/tpm_manager.cc
[modify] https://crrev.com/fc3ff8b861acbcf340b5bfbb5b088f977ed2a184/cryptohome/tpm_impl.h
[modify] https://crrev.com/fc3ff8b861acbcf340b5bfbb5b088f977ed2a184/cryptohome/service.cc
[modify] https://crrev.com/fc3ff8b861acbcf340b5bfbb5b088f977ed2a184/cryptohome/tpm.h
[modify] https://crrev.com/fc3ff8b861acbcf340b5bfbb5b088f977ed2a184/cryptohome/cryptolib.h
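
The kind of modulus test the commit message above refers to, as an added example that is not the cryptohome code from the commit. It assumes, following the published ROCA research, that primes from the affected generator have the form k*M + (65537^a mod M) with M a primorial divisible by every prime up to 167; the function names and sample values are constructed for illustration.

```python
from math import prod

GENERATOR = 65537
# Odd primes up to 167. Assumption (from the published ROCA analysis): all of
# them divide the primorial M used by the affected key generator.
SMALL_PRIMES = [
    3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
    73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149,
    151, 157, 163, 167,
]


def generated_subgroup(p):
    """Return {65537^i mod p}, the residues a structured modulus can take mod p."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * GENERATOR % p
    return frozenset(seen)


SUBGROUPS = {p: generated_subgroup(p) for p in SMALL_PRIMES}


def has_roca_fingerprint(modulus):
    """True if modulus mod p lies in the subgroup generated by 65537 for every p."""
    return all(modulus % p in SUBGROUPS[p] for p in SMALL_PRIMES)


def discriminating_primes():
    """Primes where the subgroup is a proper subset, so the check can reject."""
    return [p for p in SMALL_PRIMES if len(SUBGROUPS[p]) < p - 1]


def constructed_structured_modulus(k1, a, k2, b):
    """Constructed sample: product of two integers k*M + (65537^e mod M).

    The factors are not tested for primality; only their residues matter here.
    """
    m = 2 * prod(SMALL_PRIMES)
    return (k1 * m + pow(GENERATOR, a, m)) * (k2 * m + pow(GENERATOR, b, m))


if __name__ == "__main__":
    flagged = constructed_structured_modulus(2**800, 12345, 2**790 + 7, 67890)
    clean = 11 * 2**2040 + 13  # constructed: residue 2 mod 11 is outside {1, 10}
    print("structured sample flagged:", has_roca_fingerprint(flagged))
    print("unstructured sample flagged:", has_roca_fingerprint(clean))
```

A modulus that passes carries the residue pattern of the affected generator; in this issue's terms, that is the condition under which the SRK needs another TPM clear.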
Aug 14
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/43e61362246f273b65b4ab66c436fcf7345c9ef5

commit 43e61362246f273b65b4ab66c436fcf7345c9ef5
Author: Mattias Nissler <mnissler@chromium.org>
Date: Tue Aug 14 23:05:43 2018

infineon-firmware-updater: Expose SRK ROCA vulnerability status

This extends tpm-firmware-check.sh to record SRK ROCA vulnerability status as determined by cryptohomed in a flag file. This allows the result to be easily consumed by existing logic in session_manager and Chrome that already looks at the existing update location file.

BUG= chromium:872746
TEST=Boot system with vulnerable SRK, check existence of /run/tpm_firmware_update_srk_vulnerable_roca

Change-Id: Ia9f38cb9aed32af20275d9c4d3a605e7df4de3db
Reviewed-on: https://chromium-review.googlesource.com/1172682
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[rename] https://crrev.com/43e61362246f273b65b4ab66c436fcf7345c9ef5/chromeos-base/infineon-firmware-updater/infineon-firmware-updater-1.1.2459.0-r28.ebuild
[modify] https://crrev.com/43e61362246f273b65b4ab66c436fcf7345c9ef5/chromeos-base/infineon-firmware-updater/files/tpm-firmware-check.sh
Aug 14
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform2/+/3df8e65b2b058e2d03b8ea298758f60e852bdf16

commit 3df8e65b2b058e2d03b8ea298758f60e852bdf16
Author: Mattias Nissler <mnissler@chromium.org>
Date: Tue Aug 14 23:06:33 2018

login: Handle "cleanup" TPM firmware update mode

This adds a mode that allows Chrome to trigger cleanup, which boils down to a request to perform another TPM clear to flush out a vulnerable SRK.

BUG= chromium:872746
TEST=new unit tests

Change-Id: I7827999ebc5abd59f2487249f4b904319c84481c
Reviewed-on: https://chromium-review.googlesource.com/1172683
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Dan Erat <derat@chromium.org>

[modify] https://crrev.com/3df8e65b2b058e2d03b8ea298758f60e852bdf16/login_manager/session_manager_impl.cc
[modify] https://crrev.com/3df8e65b2b058e2d03b8ea298758f60e852bdf16/login_manager/session_manager_impl_unittest.cc
[modify] https://crrev.com/3df8e65b2b058e2d03b8ea298758f60e852bdf16/login_manager/session_manager_impl.h
Aug 15
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5c45f7e358ff2870ec52c47b2bc9e84376ce111f

commit 5c45f7e358ff2870ec52c47b2bc9e84376ce111f
Author: Mattias Nissler <mnissler@chromium.org>
Date: Wed Aug 15 09:50:31 2018

Add TPM firmware update mode "cleanup"

Edge cases have been discovered where the TPM firmware update completes successfully after interruption, but leaves the TPM in a state where the SRK is still vulnerable. This adds support for a new "cleanup" mode that is available when the system flags a vulnerable SRK on an updated system.

BUG= chromium:872746
TEST=Extended existing unit tests.

Change-Id: I4fd5dab72961d9cac4b985b688ebff6740317111
Reviewed-on: https://chromium-review.googlesource.com/1172685
Commit-Queue: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#583207}

[modify] https://crrev.com/5c45f7e358ff2870ec52c47b2bc9e84376ce111f/chrome/browser/chromeos/login/screens/reset_screen.cc
[modify] https://crrev.com/5c45f7e358ff2870ec52c47b2bc9e84376ce111f/chrome/browser/chromeos/tpm_firmware_update.cc
[modify] https://crrev.com/5c45f7e358ff2870ec52c47b2bc9e84376ce111f/chrome/browser/chromeos/tpm_firmware_update.h
[modify] https://crrev.com/5c45f7e358ff2870ec52c47b2bc9e84376ce111f/chrome/browser/chromeos/tpm_firmware_update_unittest.cc
[modify] https://crrev.com/5c45f7e358ff2870ec52c47b2bc9e84376ce111f/chrome/browser/ui/webui/chromeos/login/core_oobe_handler.cc
[modify] https://crrev.com/5c45f7e358ff2870ec52c47b2bc9e84376ce111f/chrome/browser/ui/webui/settings/browser_lifetime_handler.cc
[modify] https://crrev.com/5c45f7e358ff2870ec52c47b2bc9e84376ce111f/chrome/common/chrome_paths.cc
[modify] https://crrev.com/5c45f7e358ff2870ec52c47b2bc9e84376ce111f/chrome/common/chrome_paths.h
Aug 15
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/0ef395bf1213601a8cd50a86f360734751245c0e

commit 0ef395bf1213601a8cd50a86f360734751245c0e
Author: Mattias Nissler <mnissler@chromium.org>
Date: Wed Aug 15 23:41:21 2018

Add TPM firmware update notification.

This new notification alerts the user about a pending TPM firmware update for the device and directs them to the about page to trigger update installation. We currently only show the notification for a case where the user has already decided to install the update, but another powerwash is required to clear a vulnerable key that may have remained in some cases.

BUG= chromium:872746
TEST=Manual

Change-Id: Id0bf5146d411af1741bb35f7e6d4c8d2437a0080
Reviewed-on: https://chromium-review.googlesource.com/1175794
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Commit-Queue: Mattias Nissler <mnissler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#583444}

[modify] https://crrev.com/0ef395bf1213601a8cd50a86f360734751245c0e/chrome/app/chromeos_strings.grdp
[modify] https://crrev.com/0ef395bf1213601a8cd50a86f360734751245c0e/chrome/browser/chromeos/BUILD.gn
[modify] https://crrev.com/0ef395bf1213601a8cd50a86f360734751245c0e/chrome/browser/chromeos/login/session/chrome_session_manager.cc
[modify] https://crrev.com/0ef395bf1213601a8cd50a86f360734751245c0e/chrome/browser/chromeos/login/session/user_session_manager.cc
[modify] https://crrev.com/0ef395bf1213601a8cd50a86f360734751245c0e/chrome/browser/chromeos/preferences.cc
[add] https://crrev.com/0ef395bf1213601a8cd50a86f360734751245c0e/chrome/browser/chromeos/tpm_firmware_update_notification.cc
[add] https://crrev.com/0ef395bf1213601a8cd50a86f360734751245c0e/chrome/browser/chromeos/tpm_firmware_update_notification.h
[modify] https://crrev.com/0ef395bf1213601a8cd50a86f360734751245c0e/chrome/common/pref_names.cc
[modify] https://crrev.com/0ef395bf1213601a8cd50a86f360734751245c0e/chrome/common/pref_names.h
Aug 16
Notification code landed in time for M70. Given the amount of changes required for the notification and that we're including strings, an M69 merge isn't really realistic, updating milestone labels.
Nov 22
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mnissler@chromium.org, Aug 9