Hi, everyone,
I find that pager uses AES-GCM to protect data sections. I see that the initialization vectors (IVs) used in AES-GCM for every page is initialized to be zero. However, according to the NIST 800 specification [1]: IV should not repeat, otherwise AES-GCM may be vulnerable to the forgery attacks [2]. So I suggest concatenating the physical address of each page (DRAM address) and the IV, then the concatenated IVs will be different for each page.
I also see that pager is removed from many devices, such as i.mx and Hikey. Doesn't OP-TEE support pager any more?
Best Regards, Shijun Zhao
1. Dworkin M. NIST special publication 800-38B[J]. NIST special publication, 2005, 800(38B): 38B. 2. A. Joux, Authentication Failures in NIST version of GCM, Natl. Inst. Stand. Technol. [Web page], http://www.csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/800-38_Ser....
Hi Zhao,
On Thu, Jun 28, 2018 at 9:29 AM, shijun zhao zqyzsj@gmail.com wrote:
Hi, everyone,
I find that pager uses AES-GCM to protect data sections. I see that the initialization vectors (IVs) used in AES-GCM for every page is initialized to be zero. However, according to the NIST 800 specification [1]: IV should not repeat, otherwise AES-GCM may be vulnerable to the forgery attacks [2]. So I suggest concatenating the physical address of each page (DRAM address) and the IV, then the concatenated IVs will be different for each page.
That's already done, only slightly different at: https://github.com/OP-TEE/optee_os/blob/e7dc41caf2eeb3f4997f6dbb37922c5d4d48...
Note that each physical page has its own rwp assigned to it, so the address of rwp is unique for a particular physical page.
I also see that pager is removed from many devices, such as i.mx and Hikey. Doesn't OP-TEE support pager any more?
OP-TEE supports pager, it's just that for many platforms it doesn't make sense to enable it.
Thanks, Jens
Best Regards, Shijun Zhao
- Dworkin M. NIST special publication 800-38B[J]. NIST special
publication, 2005, 800(38B): 38B. 2. A. Joux, Authentication Failures in NIST version of GCM, Natl. Inst. Stand. Technol. [Web page], http://www.csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/800-38_Ser.... _______________________________________________ Tee-dev mailing list Tee-dev@lists.linaro.org https://lists.linaro.org/mailman/listinfo/tee-dev
Hi, Wiklander,
Thanks for your reply. It seems that I use outdated OP-TEE sources (version 2.4.0).
For platforms that don't enable pager, is it because that the on-chip SRAM is not big enough to hold the whole pager?
Best Regards, Shijun Zhao Jens Wiklander jens.wiklander@linaro.org 于2018年6月28日周四 下午3:46写道:
Hi Zhao,
On Thu, Jun 28, 2018 at 9:29 AM, shijun zhao zqyzsj@gmail.com wrote:
Hi, everyone,
I find that pager uses AES-GCM to protect data sections. I see that the initialization vectors (IVs) used in AES-GCM for every page is initialized to be zero. However, according to the NIST 800 specification [1]: IV should not repeat, otherwise AES-GCM may be vulnerable to the forgery attacks [2]. So I suggest concatenating the physical address of each page (DRAM address) and the IV, then the concatenated IVs will be different for each page.
That's already done, only slightly different at: https://github.com/OP-TEE/optee_os/blob/e7dc41caf2eeb3f4997f6dbb37922c5d4d48...
Note that each physical page has its own rwp assigned to it, so the address of rwp is unique for a particular physical page.
I also see that pager is removed from many devices, such as i.mx and Hikey. Doesn't OP-TEE support pager any more?
OP-TEE supports pager, it's just that for many platforms it doesn't make sense to enable it.
Thanks, Jens
Best Regards, Shijun Zhao
- Dworkin M. NIST special publication 800-38B[J]. NIST special
publication, 2005, 800(38B): 38B. 2. A. Joux, Authentication Failures in NIST version of GCM, Natl. Inst. Stand. Technol. [Web page], http://www.csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/800-38_Ser.... _______________________________________________ Tee-dev mailing list Tee-dev@lists.linaro.org https://lists.linaro.org/mailman/listinfo/tee-dev
On Thu, Jun 28, 2018 at 10:29 AM, shijun zhao zqyzsj@gmail.com wrote:
Hi, Wiklander,
Thanks for your reply. It seems that I use outdated OP-TEE sources (version 2.4.0).
This has been more or less unchanged since the introduction of r/w paging.
For platforms that don't enable pager, is it because that the on-chip SRAM is not big enough to hold the whole pager?
Yes and also because DDR may be secure enough for various reasons.
Thanks, Jens
Best Regards, Shijun Zhao Jens Wiklander jens.wiklander@linaro.org 于2018年6月28日周四 下午3:46写道:
Hi Zhao,
On Thu, Jun 28, 2018 at 9:29 AM, shijun zhao zqyzsj@gmail.com wrote:
Hi, everyone,
I find that pager uses AES-GCM to protect data sections. I see that the initialization vectors (IVs) used in AES-GCM for every page is initialized to be zero. However, according to the NIST 800 specification [1]: IV should not repeat, otherwise AES-GCM may be vulnerable to the forgery attacks [2]. So I suggest concatenating the physical address of each page (DRAM address) and the IV, then the concatenated IVs will be different for each page.
That's already done, only slightly different at: https://github.com/OP-TEE/optee_os/blob/e7dc41caf2eeb3f4997f6dbb37922c5d4d48...
Note that each physical page has its own rwp assigned to it, so the address of rwp is unique for a particular physical page.
I also see that pager is removed from many devices, such as i.mx and Hikey. Doesn't OP-TEE support pager any more?
OP-TEE supports pager, it's just that for many platforms it doesn't make sense to enable it.
Thanks, Jens
Best Regards, Shijun Zhao
- Dworkin M. NIST special publication 800-38B[J]. NIST special
publication, 2005, 800(38B): 38B. 2. A. Joux, Authentication Failures in NIST version of GCM, Natl. Inst. Stand. Technol. [Web page], http://www.csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/800-38_Ser.... _______________________________________________ Tee-dev mailing list Tee-dev@lists.linaro.org https://lists.linaro.org/mailman/listinfo/tee-dev
Hi, Wiklander
For platforms that don't enable pager, is it because that the on-chip SRAM is not big enough to hold the whole pager?
Yes and also because DDR may be secure enough for various reasons.
Do you mean that in mobile devices DRAM and CPU can be put in one package by package-on-package (PoP) technology ? Although this technology can improve the physical security of DRAM, physical attackers still can de-package the SoC and perform board-level attacks, whose cost is not high. For example, attacks on XBOX [1] and DS5002FP [2].
We know that DRAM is vulnerable to cold boot attacks and bus monitor attacks, which makes TrustZone cannot achieve the same security level with Intel SGX. And I think pager is a good technology which makes it possible that TrustZone achieves the same security level as SGX.
I have run pager in i.mx6q board, and find that pager requires more than 180 KB OCM, which might be too large for some devices. Recently I'm doing a research that can reduce the size of code and data residing in OCM (i.e., pager), and current experiment shows that less than 100 KB is enough.
1. Huang A. acking the Xbox: an introduction to reverse engineering[J]. 2002. 2. Kuhn M G. Cipher Instruction Search Attack on the Bus-Encryption Security Microcontroller DS5002FP[J]. IEEE Transactions on Computers, 1998, 47(10): 1153-1157.
Best Regards, Shijun Zhao
-
Jens Wiklander -
shijun zhao