Message-ID: <20160805200601.GA7999@amd>
Date:	Fri, 5 Aug 2016 22:06:01 +0200
From:	Pavel Machek <pavel@....cz>
To:	Tomas Winkler <tomas.winkler@...el.com>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Ulf Hansson <ulf.hansson@...aro.org>,
	Adrian Hunter <adrian.hunter@...el.com>,
	James Bottomley <James.Bottomley@...senPartnership.com>,
	"Martin K. Petersen" <martin.petersen@...cle.com>,
	Vinayak Holikatti <vinholikatti@...il.com>,
	Andy Lutomirski <luto@...nel.org>,
	Arve Hjønnevåg <arve@...roid.com>,
	Michael Ryleev <gmar@...gle.com>,
	Joao Pinto <Joao.Pinto@...opsys.com>,
	Christoph Hellwig <hch@....de>,
	Yaniv Gardi <ygardi@...eaurora.org>,
	linux-kernel@...r.kernel.org, linux-mmc@...r.kernel.org,
	linux-scsi@...r.kernel.org
Subject: Re: [PATCH v5 0/8] Replay Protected Memory Block (RPMB) subsystem

Hi!

> Few storage technologies such as EMMC, UFS, and NVMe support RPMB
> hardware partition with common protocol and frame layout.
> The RPMB partition cannot be accessed via standard block layer, but by a
> set of specific commands: WRITE, READ, GET_WRITE_COUNTER, and
> PROGRAM_KEY.
> Such a partition provides authenticated and replay protected access,
> hence suitable as a secure storage.

...and that is suitable for locking devices from their owners, as
Nokia N9 (aka brick, because Microsoft turned off support servers)
taught me recently.

So I have to ask -- what are non-evil uses for this?

There were "secure extensions" mentioned before, but my understanding
is that it currently has severe limitations making it unsuitable for
mainline kernel. (IOW you can't even test the functionality if you
are not Intel).
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
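
Added example (not part of the original message or of the patch set): a simplified Python model of the four commands named in the quoted cover letter, showing why a captured WRITE frame cannot be replayed and why the key holder alone controls writes. The class name, field encoding, error strings and sample data are assumptions for illustration; real RPMB frames are fixed-size structures authenticated with HMAC-SHA256.

```python
import hashlib
import hmac
import os
import struct

def mac(key, addr, counter, nonce, data):
    # Simplified field encoding (assumption); not the on-wire RPMB frame layout.
    msg = struct.pack(">HI", addr, counter) + nonce + data
    return hmac.new(key, msg, hashlib.sha256).digest()

class RpmbModel:
    """Toy device side: one-time key, monotonic write counter, MAC-checked writes."""
    def __init__(self):
        self.key, self.counter, self.blocks = None, 0, {}

    def program_key(self, key):
        # PROGRAM_KEY succeeds once; whoever sets the key controls all later writes.
        if self.key is not None:
            return "ERR_KEY_ALREADY_PROGRAMMED"
        self.key = key
        return "OK"

    def get_write_counter(self, nonce):
        # The host nonce is bound into the MAC so the reply itself cannot be replayed.
        return self.counter, mac(self.key, 0, self.counter, nonce, b"")

    def write(self, addr, counter, data, tag):
        if not hmac.compare_digest(tag, mac(self.key, addr, counter, b"", data)):
            return "ERR_AUTH"
        if counter != self.counter:
            return "ERR_COUNTER"  # stale counter: a replayed frame lands here
        self.blocks[addr] = data
        self.counter += 1
        return "OK"

    def read(self, addr, nonce):
        data = self.blocks.get(addr, b"")
        return data, mac(self.key, addr, 0, nonce, data)

def demo():
    key, dev = bytes(range(32)), RpmbModel()  # constructed test key
    out = [dev.program_key(key), dev.program_key(b"\x00" * 32)]
    nonce = os.urandom(16)
    counter, tag = dev.get_write_counter(nonce)
    assert hmac.compare_digest(tag, mac(key, 0, counter, nonce, b""))
    data = b"rollback-index=1"  # constructed sample payload
    frame = (7, counter, data, mac(key, 7, counter, b"", data))
    out += [dev.write(*frame), dev.write(*frame)]  # second call replays the frame
    out.append(dev.write(7, dev.counter, b"rollback-index=0", b"\x00" * 32))
    return out, dev.read(7, nonce)[0]

if __name__ == "__main__":
    print(demo())
```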
