Re: [PATCH] Enable reset attack mitigation
From: Lukas Wunner
Date: Fri Aug 18 2017 - 16:37:32 EST
On Fri, Aug 18, 2017 at 12:08:34PM -0700, Matthew Garrett wrote:
> On Fri, Aug 18, 2017 at 11:52 AM, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote:
> > So how would that work with, e.g., the keys for your encrypted file
> > system? Surely, you can't expect the kernel to drop that secret when
> > userland asks it to, so there will always be a window where userland
> > has set the variable but the kernel is not ready to drop its secrets
> > yet.
>
> If the kernel doesn't synchronously zero the key when dm-crypt is torn
> down, that feels like a bug?
In the case of a root filesystem layered atop dm-crypt, tearing down
dm-crypt depends on userland, more specifically the init system.
With systemd + dracut it's possible to pivot back into an initrd
on shutdown and this allows for proper teardown of dm-crypt and
subsequent wiping of the key material from memory.
With initramfs-tools this is not possible and to the best of my
knowledge the key material is still resident in memory on shutdown:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778849
Another case where key material may still be resident are IPsec tunnels.
Granted, user space could tear these down as well on shutdown but what
if it doesn't?
The patch itself seems to be of value, perhaps it can be moved forward
if the commit message is rephrased to leave open the contentious issue
if and when memory wiping by the firmware is disabled, to be discussed
separately. I'd vote for a machanism whereby user space signals to the
kernel that it no longer has secrets, and the kernel can then signal to
the firmware that memory need not be cleared if it also no longer holds
secrets. Just my 2 cents anyway.
Thanks!
Lukas