<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7226.0">
<TITLE>security review of Hardware spec</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><FONT SIZE=2 FACE="Arial">I've looked at the Hardware spec from a security point of view and have the following comments/questions:</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">PLT.1.1</FONT> <FONT SIZE=2 FACE="Helvetica">AdvancedTCA IPMI Support</FONT><FONT SIZE=2 FACE="Arial">:</FONT>
<UL>
<P><FONT SIZE=2 FACE="Arial">This requirement doesn't specify a revision to the IPMI v1.5 spec., the most current of which is rev 1.1.</FONT>
<BR><FONT SIZE=2 FACE="Arial">Should this be 1.5 _or better_ (as specified in PMT.1.0)?</FONT>
</P>
</UL>
<P><FONT SIZE=2 FACE="Arial">PLT.1.x:</FONT>
<UL>
<P><FONT SIZE=2 FACE="Arial">There should be a requirement that, for a system that supports IPMI, CGL require the user to enter an IPMI username and password either at installation time or at first boot. The defaults presented to the user should be for MD5 authentication. CGL should also set the IPMI configuration, at installation time or first boot, to require per-message authentication and user-level authentication.</FONT></P>
</UL>
<P><FONT SIZE=2 FACE="Arial">PLT.1.3</FONT> <FONT SIZE=2 FACE="Helvetica">AdvancedTCA Latch-opening Event Handling</FONT><FONT SIZE=2 FACE="Helvetica">:</FONT>
<UL>
<P><FONT SIZE=2 FACE="Helvetica">There should be a separate requirement added that specifies that these events are logged securely.</FONT>
</P>
</UL>
<P><FONT SIZE=2 FACE="Helvetica">FMW.1.1</FONT> <FONT SIZE=2 FACE="Helvetica">Fast System Boot</FONT><FONT SIZE=2 FACE="Helvetica">:</FONT>
<UL>
<P><FONT SIZE=2 FACE="Helvetica">There should be a separate requirement added that specifies that, if this option is used, this fact should be securely logged (as this bypasses some checks that may have security implications).</FONT></P>
</UL>
<P><FONT SIZE=2 FACE="Helvetica">HWM.1.1</FONT> <FONT SIZE=2 FACE="Helvetica">CPU Throttle</FONT><FONT SIZE=2 FACE="Helvetica">:</FONT>
<UL>
<P><FONT SIZE=2 FACE="Helvetica">This requirement should also specify that any power/voltage/frequency settings are within the allowed range for the hardware.</FONT></P>
</UL>
<P><FONT SIZE=2 FACE="Helvetica">HWM.2.x</FONT>
<UL>
<P><FONT SIZE=2 FACE="Helvetica">There should be a requirement added that requires that, for a system with a v1.1 TPM, the BIOS, BIOS boot block, etc. must conform to the measurement requirements of sections 1.3.4 and 2.2 of the "TCG PC Specific Implementation Specification", Version 1.1, August 18, 2003 (</FONT><A HREF="https://www.trustedcomputinggroup.org/downloads/TSS_Version__1.1.pdf"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Helvetica">https://www.trustedcomputinggroup.org/downloads/TSS_Version__1.1.pdf</FONT></U></A><FONT SIZE=2 FACE="Helvetica">).</FONT></P>
</UL>
<P><FONT SIZE=2 FACE="Helvetica">HWM.2.1 Boot-loader Integrity Checking:</FONT>
<UL>
<P><FONT SIZE=2 FACE="Helvetica">This requirement, as I understand it, is really two requirements: 1) that the boot-loader measures OS and configuration data into a PCR and 2) that the boot-loader makes some type of check of these values (presumably to record or deny if a variance is found). If so, it should be split into two requirements.</FONT></P>
<P><FONT SIZE=2 FACE="Helvetica">Measuring an operating system, while being a "good thing", is very difficult to do in a meaningful way. There is research on this (some specifically focused on Linux), but nothing that provides a comprehensive set of measurements. It would, however, be practical to measure the kernel image, though this would not include dynamically loaded modules.</FONT></P>
<P><FONT SIZE=2 FACE="Helvetica">As to the boot-loader validating the measurements, this creates the need for another requirement about how the acceptable configuration values are securely entered and updated. Such a requirement might be:</FONT></P>
<UL>
<P><FONT SIZE=2 FACE="Helvetica">OSDL CGL specifies that the boot-loader will provide a user with a keystroke method for initiating an integrity configuration mode during boot. When entered, this mode will allow the user to manage the set of allowed kernel integrity values. The set of allowed kernel integrity values must be sealed (by the TPM) to the system configuration of the boot-loader before being persisted to storage. The boot-loader must unseal these values before it validates the measured configuration. Should the boot-loader be unable to retrieve the sealed values or unable to unseal the values, it should fail to continue the boot process and should notify the user.</FONT></P>
</UL>
<P><FONT SIZE=2 FACE="Helvetica">Now in order to make the measurements most useful, a remote system should attest to the system configuration after all of the measurements have been made (or an attacker could simply replace the validating boot-loader with one that does not perform any checks). This is probably best left as an add-on for administrators that wish to use such a mechanism.</FONT></P>
</UL>
<P><FONT SIZE=2 FACE="Helvetica">FMW.1.3 PXE Boot over IPv6:</FONT>
<UL>
<P><FONT SIZE=2 FACE="Helvetica">It should be specified that PXE boot should be disabled by default.</FONT></P>
</UL>
<P><FONT SIZE=2 FACE="Arial">Joseph Cihula</FONT>
<BR><FONT SIZE=2 FACE="Arial">(Linux) Software Security Architect</FONT>
<BR><FONT SIZE=2 FACE="Arial">Intel Corp.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">*** These opinions are not necessarily those of my employer ***</FONT>
</P>
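<P><FONT SIZE=2 FACE="Arial">Added worked example for the PLT.1.x comment above (MD5 per-message authentication). This is not code from the message, from OSDL CGL, or from any BMC or ipmitool implementation; it is a Python model of the IPMI v1.5 session-layer AuthCode, built over a constructed password, session ID, sequence number and request, showing what the MD5 AuthCode binds and what an auth type of NONE leaves unbound.</FONT></P>

```python
"""IPMI v1.5 session authentication, modelled: what a per-message MD5 AuthCode
binds, and what auth type NONE leaves unbound.  Added example for the PLT.1.x
comment; not code from the original message, from OSDL CGL or from any
BMC/ipmitool implementation.  Password, session ID, sequence numbers and the
request below are constructed."""
import hashlib
import hmac

AUTH_NONE = 0x00
AUTH_MD5 = 0x02
PASSWORD_LEN = 16            # IPMI v1.5 passwords are 16 bytes, NUL-padded
BMC_ADDR, CONSOLE_ADDR = 0x20, 0x81
NETFN_APP = 0x06
CMD_GET_DEVICE_ID, CMD_COLD_RESET = 0x01, 0x02


def checksum(data: bytes) -> int:
    """IPMI 2's-complement checksum: (sum(data) + checksum) % 256 == 0."""
    return (-sum(data)) & 0xFF


def build_ipmi_msg(netfn: int, cmd: int, rq_seq: int = 0, data: bytes = b"") -> bytes:
    """Console->BMC request: rsAddr, netFn/LUN, cksum1, rqAddr, rqSeq/LUN, cmd, data, cksum2."""
    head = bytes([BMC_ADDR, (netfn << 2) & 0xFC])
    head += bytes([checksum(head)])
    tail = bytes([CONSOLE_ADDR, (rq_seq << 2) & 0xFC, cmd]) + data
    tail += bytes([checksum(tail)])
    return head + tail


def md5_authcode(password: bytes, session_id: int, session_seq: int, msg: bytes) -> bytes:
    """IPMI v1.5 22.17.1: MD5(pw + session ID + msg + session seq + pw), with the
    session ID and sequence number in wire (least-significant-byte-first) order."""
    if len(password) > PASSWORD_LEN:
        raise ValueError("IPMI v1.5 passwords are at most 16 bytes")
    pw = password.ljust(PASSWORD_LEN, b"\x00")
    h = hashlib.md5()
    for part in (pw, session_id.to_bytes(4, "little"), msg,
                 session_seq.to_bytes(4, "little"), pw):
        h.update(part)
    return h.digest()


def build_session_packet(auth_type: int, session_seq: int, session_id: int,
                         msg: bytes, password: bytes = b"") -> bytes:
    """Session header after RMCP: auth type, seq, session ID, [AuthCode], len, msg."""
    pkt = bytes([auth_type]) + session_seq.to_bytes(4, "little") + session_id.to_bytes(4, "little")
    if auth_type == AUTH_MD5:
        pkt += md5_authcode(password, session_id, session_seq, msg)
    elif auth_type != AUTH_NONE:
        raise ValueError("only auth types NONE and MD5 are modelled here")
    return pkt + bytes([len(msg)]) + msg


def verify_session_packet(pkt: bytes, password: bytes, expected_seq: int):
    """BMC-side check with per-message auth required. None if accepted, else the reason."""
    auth_type = pkt[0]
    session_seq = int.from_bytes(pkt[1:5], "little")
    session_id = int.from_bytes(pkt[5:9], "little")
    off = 9
    if auth_type == AUTH_NONE:
        # Nothing in such a packet depends on the password: anyone who learns the
        # session ID could inject commands, so a BMC requiring auth refuses it.
        return "rejected: auth type NONE carries no AuthCode"
    if auth_type != AUTH_MD5:
        return "rejected: unsupported auth type"
    authcode, off = pkt[off:off + 16], off + 16
    msg_len, off = pkt[off], off + 1
    msg = pkt[off:off + msg_len]
    if len(msg) != msg_len:
        return "rejected: truncated message"
    if not hmac.compare_digest(md5_authcode(password, session_id, session_seq, msg), authcode):
        return "rejected: AuthCode mismatch (wrong password or modified message)"
    if session_seq != expected_seq:
        return "rejected: session sequence number out of window (replay)"
    return None


def demo() -> dict:
    """Constructed exchange: one genuine request, then the attacks per-message auth stops."""
    password, session_id, seq = b"cgl-first-boot", 0x0A0B0C0D, 7
    get_device_id = build_ipmi_msg(NETFN_APP, CMD_GET_DEVICE_ID)
    good = build_session_packet(AUTH_MD5, seq, session_id, get_device_id, password)
    # Attacker keeps the captured header + AuthCode (25 bytes) but swaps in Cold Reset.
    cold_reset = build_ipmi_msg(NETFN_APP, CMD_COLD_RESET)
    tampered = good[:25] + bytes([len(cold_reset)]) + cold_reset
    # Attacker sends Cold Reset with auth type NONE, needing no password at all.
    no_auth = build_session_packet(AUTH_NONE, seq, session_id, cold_reset)
    return {
        "genuine": verify_session_packet(good, password, expected_seq=seq),
        "tampered": verify_session_packet(tampered, password, expected_seq=seq),
        # genuine packet replayed after the BMC has advanced to seq + 1
        "replayed": verify_session_packet(good, password, expected_seq=seq + 1),
        "no_auth": verify_session_packet(no_auth, password, expected_seq=seq),
    }
```

<P><FONT SIZE=2 FACE="Arial">Calling demo() accepts only the genuine packet: the modified command fails the AuthCode, the replay fails the sequence check, and the NONE packet has nothing for the BMC to check at all, which is exactly what a default of MD5 with per-message authentication required removes. User-level authentication is a separate channel-access bit that makes the same rule apply to User-privilege sessions; it is not modelled here.</FONT></P>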
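<P><FONT SIZE=2 FACE="Arial">Added worked example for the HWM.2.1 comments above (the sealed allowed-kernel list and the note on remote attestation). This is not code from the message, from OSDL CGL, or from any TPM vendor; it is a Python model in which a software stand-in for the TPM extends a PCR the way a TPM 1.1 does (SHA-1) and seals a blob to a PCR value. The SRK_SECRET, the boot-loader and kernel images, and the HMAC-based sealing are all constructed for the example.</FONT></P>

```python
"""Model of the boot-loader flow proposed under HWM.2.1: measure loader and
kernel into a PCR, unseal the allowed-kernel list only while the PCR holds the
value it was sealed to, then validate the kernel.  Added example; not code
from the original message, from OSDL CGL or from any TPM vendor.  The TPM is a
software stand-in (SRK_SECRET and the images are constructed); only the
SHA-1 PCR extend follows the real TPM 1.1 definition."""
import hashlib
import hmac
import os

PCR_LEN = 20                      # TPM 1.1 PCRs are SHA-1 sized
SRK_SECRET = b"constructed-srk-secret"


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


class SealError(Exception):
    pass


class SoftTpm:
    def __init__(self, srk_secret: bytes = SRK_SECRET):
        self._srk = srk_secret
        self.reset()

    def reset(self):
        self.pcr = b"\x00" * PCR_LEN      # PCRs are zero after power-on reset

    def extend(self, data: bytes) -> bytes:
        """TPM_Extend: PCR = SHA-1(PCR || SHA-1(data)); order-dependent and one-way."""
        self.pcr = sha1(self.pcr + sha1(data))
        return self.pcr

    def _key(self, pcr: bytes) -> bytes:
        # Stand-in for sealing under the SRK: this key exists only for one PCR value.
        return hmac.new(self._srk, b"seal|" + pcr, hashlib.sha256).digest()

    @staticmethod
    def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
        out, ctr = b"", 0
        while len(out) < n:
            out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
            ctr += 1
        return out[:n]

    def seal(self, blob: bytes, expected_pcr: bytes) -> bytes:
        """Seal to the PCR the genuine loader will produce, not to the current PCR."""
        key, nonce = self._key(expected_pcr), os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(blob, self._keystream(key, nonce, len(blob))))
        return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

    def unseal(self, sealed: bytes) -> bytes:
        """Succeeds only if the PCR now equals the value sealed to; otherwise raises."""
        nonce, ct, tag = sealed[:16], sealed[16:-32], sealed[-32:]
        key = self._key(self.pcr)
        if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
            raise SealError("PCR does not match the configuration the list was sealed to")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(key, nonce, len(ct))))


# Constructed stand-ins for the boot-loader binary and kernel images.
GENUINE_LOADER = b"boot-loader with integrity check, v1 (constructed)"
MODIFIED_LOADER = b"boot-loader with integrity check, v1, patched (constructed)"
KERNEL_OK = b"vmlinuz known-good (constructed)"
KERNEL_UNKNOWN = b"vmlinuz rebuilt by attacker (constructed)"


def provision(tpm: SoftTpm, allowed_kernels) -> bytes:
    """Integrity configuration mode: seal allowed kernel digests to the genuine loader's PCR."""
    expected_pcr = sha1(b"\x00" * PCR_LEN + sha1(GENUINE_LOADER))
    return tpm.seal(b"".join(sha1(k) for k in allowed_kernels), expected_pcr)


def checking_boot(tpm: SoftTpm, loader: bytes, kernel: bytes, sealed_list: bytes) -> str:
    """The proposed loader logic; the BIOS is assumed to measure the loader before running it."""
    tpm.reset()
    tpm.extend(loader)
    try:
        allowed = tpm.unseal(sealed_list)
    except SealError as e:
        return f"halt: {e}"
    tpm.extend(kernel)                    # record the kernel measurement regardless
    digests = {allowed[i:i + PCR_LEN] for i in range(0, len(allowed), PCR_LEN)}
    return "boot" if sha1(kernel) in digests else "deny: kernel digest not in allowed list"


def unchecked_boot(tpm: SoftTpm, loader: bytes, kernel: bytes) -> str:
    """A replaced loader that performs no checks (the attack in the last HWM.2.1 paragraph)."""
    tpm.reset()
    tpm.extend(loader)
    tpm.extend(kernel)
    return "boot"


def demo() -> dict:
    tpm = SoftTpm()
    sealed = provision(tpm, [KERNEL_OK])
    r = {}
    r["genuine loader, allowed kernel"] = checking_boot(tpm, GENUINE_LOADER, KERNEL_OK, sealed)
    good_pcr = tpm.pcr                    # what a remote verifier expects to see
    r["genuine loader, unknown kernel"] = checking_boot(tpm, GENUINE_LOADER, KERNEL_UNKNOWN, sealed)
    r["modified loader"] = checking_boot(tpm, MODIFIED_LOADER, KERNEL_OK, sealed)
    r["unchecked loader boots"] = unchecked_boot(tpm, MODIFIED_LOADER, KERNEL_UNKNOWN)
    # Local checks cannot stop the unchecked loader, but its PCR differs, which is
    # what attestation to a remote system would expose.
    r["unchecked loader passes attestation"] = hmac.compare_digest(tpm.pcr, good_pcr)
    return r
```

<P><FONT SIZE=2 FACE="Arial">demo() walks the four cases: the genuine loader boots a listed kernel and denies an unlisted one; a patched loader cannot unseal the list and halts, as the proposed requirement asks; a loader that skips the checks boots anyway, and only the differing PCR value, reported to a remote system, reveals it.</FONT></P>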
</BODY>
</HTML>