
Rutkowska: State considered harmful - A proposal for a stateless laptop

Qubes OS creator Joanna Rutkowska has announced a new paper [PDF] describing a stateless laptop design that, she thinks, will address a number of the security problems she sees as being inherent in the Intel architecture. "The Trusted Stick, a small device of a 'USB stick' or an SD card form factor, is an element that the user always carries with themselves and which contains all the 'state' for the platform. This includes the (encrypted) user files and platform configuration. It also is expected to carry all the software and – what is unique as of today – firmware for the platform, and also enforce read-onlyness of these."

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 24, 2015 16:28 UTC (Thu) by ledow (guest, #11753) (1 responses)

Great. So we shove something containing the entire state into lots of (untrusted?) machines and port it round with us.

Doesn't sound like a virus vector at all.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 24, 2015 16:38 UTC (Thu) by mjg59 (subscriber, #23239)

Well, no - you treat it exactly like you'd treat an existing laptop, but you can keep the state on you more easily than you can keep an entire laptop on you. If you have reason to believe that an existing piece of hardware is no longer trustworthy, you discard it and use a new one instead.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 24, 2015 17:46 UTC (Thu) by amacater (subscriber, #790)

Thankfully, we can get 4TB USB cards and 1TB SD cards which are so cheap that they are throwaway - and we trust the dock at home and at work and in the coffee shop ...

Nice idea but the likelihood of it is as small as my local coffee retailer providing an HDMI screen, keyboard and mouse for me to plug in my Raspberry Pi while I'm there.

That being said, the idea is a good one - statelessness is a good thing in some situations.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 25, 2015 0:13 UTC (Fri) by jcm (subscriber, #18262)

This has a 0% chance of working in the real world. It's a cute weekend hack, but carrying around platform firmware is the last thing a real user is going to do. Every platform is different. Firmware contains a lot of hardware initialization and workaround code that is loaded - in addition to that NSA backdoor folks are terrified of. If you want to carry firmware, great, go build an open laptop and all of that jazz. You'll sell 10 of them (maybe). And you'll have the right to wear a tinfoil hat and claim victory. Meanwhile, the real world in which none of this actually makes sense or works will go on.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 25, 2015 11:49 UTC (Fri) by rsidd (subscriber, #2582) (15 responses)

So nice to see all the Christmas positivity in the above comments. A few points in response to those:
  • This is not a stick that one would plug into a generic computer. It would require special-purpose dumb hardware (the point is to remove all untrustworthy elements from the hardware including all firmware). So, no, not a virus vector.
  • No, the paper nowhere talks about trusting the dock in the coffee shop. The whole point is that the computer it works with should have no internal state, including firmware. If you use a random computer, the point is lost. And the title actually says "laptop" not "dock". You would own the stateless hardware as well as the "trusted stick" (though you could use the stick with someone else's hardware too). It is conceivable that it could work with stateful laptops that are specially designed to optionally boot with this stick, and in that case presumably the design of the chip will prevent it from accessing the laptop's state in any way -- otherwise, again, the point is lost -- but that is not discussed in the paper (afaict).
  • If you need 4TB of storage, it discusses a possible design for having a trusted internal hard disk, instead of getting rid of the hard disk entirely.
  • It sounds to me like it is not meant to be a mass-market device. It is for those who are near-paranoid about security (ie, not most of us, but some people have good reason to be). Though the author clearly believes that we would all benefit.
But isn't it great fun to comment on something without actually reading it or trying to understand it? Season's greetings everybody.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 25, 2015 13:22 UTC (Fri) by ledow (guest, #11753) (14 responses)

And how does the device know that what it's being plugged into is dumb hardware?

At some point the device has to execute and trust that the underlying hardware is not playing tricks behind its back, like say sniffing memory and extracting encryption keys that it uses, etc.

If you can only use it on hardware you own / control, what do you gain over just using a laptop that you own / control? I really can't see anything. All you've done is removed the hard drive and are carrying around a LiveCD with you, in effect. As you can't verify the hardware, and the firmware is so specific (please note ALMOST ALL INTEL CHIPS nowadays require closed-source firmware on your motherboard in order to operate), all you've done is made yourself a bootable CD that works on your particular laptop. It won't work anywhere else, you can't trust it anywhere else, and you don't even have the "2-factor" security of an attacker needing to get hold of both the storage device AND the hardware - if they get hold of the hardware, they can compromise it as normal, if they can get hold of the storage device, they can emulate access to it the same as before.

It's a LiveCD for, say, a Raspberry Pi (though even that has closed-source elements in its firmware, I believe). And, to be honest, rather than flag themselves as a user of this project, someone THAT paranoid would rather buy an anonymous Raspberry Pi (or any of the myriad comparable devices nowadays). I honestly don't get what's gained by use of this project.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 25, 2015 13:36 UTC (Fri) by rsidd (subscriber, #2582) (13 responses)

'Tis the season to be angry without RTFA'ing, it seems.

>And how does the device know that what it's being plugged into is dumb hardware?

Chapter 3. You're supposed to pick the hardware. This stick will not boot generic hardware.

>If you can only use it on hardware you own / control, what do you gain over just using a laptop that you own / control?

Chapter 2.

>ALMOST ALL INTEL CHIPS nowadays require closed-source firmware on your motherboard in order to operate

Page 8.

Seriously, why not just read the thing and then come back here?

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 25, 2015 20:31 UTC (Fri) by ledow (guest, #11753) (8 responses)

1) So you're back to using hardware you trust and separating your own state. LiveCD on a laptop again.
2) The only reason given is that you don't get pre-installed malware on the laptop. Well... that's not a problem for anyone sensible who just wipes hardware clean on arrival (I speak as someone with a network full of Lenovo laptops and desktops that have not a single byte of their original factory install left - except for the first of each model, the rest don't even get to boot from the factory disk!). And if you are genuinely pulling all firmware OUT of the device (good luck! Coreboot etc. haven't been able to do it to most models of computer that exist, and newer ones are only getting worse), then you are back to installing SOME firmware to make it work. All you've done is shifted the malware from "pre-installed" to "user has to install to use their device".
3) Basically "Let's gloss over this massive and glaring problem that's the prime target for factory-installed malware being able to do anything on the processor without any kind of inspection possible, that's also the prime block for projects like Coreboot etc. GETTING CLOSE to booting on the majority of modern boards with Intel processors".

Sorry, I just don't see what your point is here. The questions aren't answered. This is a LiveCD on a laptop you own. You can do that now, today, with reasonable amounts of support for hardware, and with the same amount of "freedom" as above. But this is pushing - as we all are - for firmwareless systems so you can work even more this way. If/when those appear, wouldn't we just LiveCD from them or, better still, just verify their firmware and then use them as "normal" laptops?

It's a pipe dream that, in all significant aspects, already exists to the same extent on the machine you wrote your post on if you go and download a LiveCD and put it on a USB stick.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 25, 2015 20:40 UTC (Fri) by mjg59 (subscriber, #23239) (7 responses)

> All you've done is shifted the malware from "pre-installed" to "user has to install to use their device".

Argh. No. Are you sure you've read the article?

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 26, 2015 2:37 UTC (Sat) by rsidd (subscriber, #2582) (6 responses)

Clearly he hasn't, since he's still talking about off-the-shelf laptops.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 26, 2015 12:21 UTC (Sat) by khim (subscriber, #9252) (5 responses)

He does not talk about off-the-shelf laptops. He compares them to the proposed solution. AFAICS the proposed solution includes TWO trusted components: “stateless laptop” and “trusted stick”. And BOTH are trusted. And are extremely tightly tied to each other. Which, naturally, raises the question: what's the point? What do we achieve by introducing all that complexity?

Remove the ridiculous idea to physically separate these two and suddenly the article makes sense: it explains how we could use off-the-shelf components yet still build a system which we could trust to some degree. Separation of “trusted, state-of-the-art, off-the-shelf but stateless components” (CPU, HDD, WiFi) from “trusted, stateful, but not state-of-the-art purposefully built components” makes sense then: if our “off-the-shelf components” don't have a place to store state then it's much harder to imagine malware injected into them, and if our stateful components don't need to be state-of-the-art then we could have many more suppliers, which makes the whole thing more secure.

But as presented: trusted security stick plus trusted laptop, the whole thing just makes no sense. And AFAICS that pointless “novelty” is the only new thing in said article.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 26, 2015 12:59 UTC (Sat) by rsidd (subscriber, #2582) (4 responses)

>Separation of “trusted, state-of-the-art, off-the-shelf but stateless components” (CPU, HDD, WiFi)

You missed the part about off-the-shelf CPUs, HDDs and wifis not being stateless. And the reason for moving the SPI firmware to the stick, constructing a stateless HDD, proposed solutions for wifi/networking.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 26, 2015 13:23 UTC (Sat) by khim (subscriber, #9252) (3 responses)

> You missed the part about off-the-shelf CPUs, HDDs and WiFis not being stateless.

That's why I've said: “components”, not “parts”. They all use stateless components and stateful components, but these could be separated still because flash and fast CPUs are just using different technological processes.

The idea to move all the state from these parts into a separate, better-controlled piece looks sensible to me, but the idea to make it possible to separate that piece from the rest just does not make sense. If you want to support all the possible bazillion combinations of CPUs, HDDs and WiFis then your “trusted codebase” would be extremely massive and, more importantly, will need regular updates (which would defeat the whole idea), and if you want to only support one particular set of “stateless components” then physical separation will just make your whole construct less reliable.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 26, 2015 15:36 UTC (Sat) by rsidd (subscriber, #2582) (2 responses)

Well, think of it as logical separation then, but the physical separation is a minor step that helps enforce the logical separation (if you have logical separation in the same unit, they may tend to mix over time/iterations). At least, that's how I see it.

Who would use such a device? Hardly anyone, just as hardly anyone uses Qubes OS (I don't) -- but the people who do include Dan Bernstein and other security-conscious people. But, because such people use it and promote the ideas, and also because of all the negative NSA publicity recently, some of these ideas may seep into the mainstream (just as it is becoming standard for websites to use https by default).

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 28, 2015 21:14 UTC (Mon) by drag (guest, #31333) (1 responses)

The point he is trying to make isn't that it's 'too extreme' for normal users... it's just that it doesn't make sense or provide any significant advantages over just having 'open' versions of the hardware.

So you remove any 'state' from the mainboard and assign it to your flash drive. What is the big win here?

The only advantage that I see is that the state preserved on the flash drive is much easier for you to control, observe or manipulate. Besides that it still has all the same pitfalls that occur with state on the mainboard or processor. You've just moved its location, but didn't change its nature.

Would this be a big win over, say, storing state on your laptop that is easily observable and verifiable?

Imagine instead you have a laptop where the state is stored on the system itself, but the system is easily monitored through a standardized interface. You can, during run time, examine the contents of any onboard flash via JTAG (or something similar) or have the ability to snoop on CPU instructions in the wifi via a similar interface.

Would storing state on a flash drive provide a superior result than something like that? I know that it will be much more cost effective to achieve this situation than coming up with a brand new approach to designing computers. You could probably _almost_ do this right now with off-the-shelf components and a custom mainboard.

Hardware and onboard firmware doesn't have to be a black box even though it generally is.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 29, 2015 19:02 UTC (Tue) by nix (subscriber, #2304)

Again I wonder if you read the article. The point of state on the stick is to make it possible to enforce read-onliness in an obvious way that the laptop, no matter how compromised, cannot negate, and to make it easy to replace contaminated sticks with known-good copies. JTAG observability provides neither of these capabilities.

As for 'snoop on CPU instructions in the wifi', how do you do *that* with an x86? You don't, of course... which means you suddenly need your own chip fab.

Page 8

Posted Dec 25, 2015 23:27 UTC (Fri) by JesseW (subscriber, #41816) (2 responses)

I've read page 8, and I'm not sure either 1) what the question was that is supposedly answered there, or 2) what the answer is.

The question was quoted as:
> ALMOST ALL INTEL CHIPS nowadays require closed-source firmware on your motherboard in order to operate

which is a statement, not a question. As a statement, it seems to be partially agreed with by the paper, as stated here (on page 9)
> [The platform’s firmware-carrying flash chip] provides the firmware to the Intel ME processor. Failure to do so would, most likely, result in the platform shutdown.

That quote doesn't explicitly mention that the firmware is closed source, but I don't think that part of the original statement is disputed by the paper.

As such, I'm still really unsure what this part of the original comment (by ledow) was asking, and what on page 8 rsidd thought was responsive to it. Clarification by either of them (or others) would be welcome.

Page 8

Posted Dec 26, 2015 2:35 UTC (Sat) by rsidd (subscriber, #2582) (1 responses)

So continue on to page 9!

Short answer -- yes, the SPI firmware is required and the computer cannot boot without it. You have to trust the firmware. But to make sure it is in your hands, they propose a way to put it on the "trusted stick" so that it can't be tampered with (unless the tampering is at Intel's end, which one can really do nothing about, I suppose). Advantages are listed at the end of page 9 and the beginning of page 10.

Page 8

Posted Dec 26, 2015 3:03 UTC (Sat) by JesseW (subscriber, #41816)

Cool, that was more or less what I thought, having read more of the paper now. Thanks for making it explicit. The paper does discuss some ways to work around possible corruption from Intel, on page 27:
> We would like to treat most of the platform firmware as untrusted. ... While it should be obvious why Intel ME should be considered untrusted, ... it is currently very difficult (impossible?) to have a truly open source BIOS which would not need to execute Intel-provided blobs such as the Intel FSP.
> The trick of keeping the platform’s firmware on the trusted stick is a game-changer here, because we can be reasonably confident the stick will: 1) implement proper read-only protection, this way stopping any potential flash-persisting attacks originating from the platform, and 2) even if the firmware was to be somehow malicious, the construction of our stateless laptop leaves no places for the malware to store any data stolen from the user.
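The two properties quoted from the paper above (the stick enforces read-only protection, and a stateless platform leaves malware nowhere to persist data) and nix's remark further up the thread (a contaminated stick is simply replaced with a known-good copy) can be illustrated with a small integrity check. This is an added example, not code from the paper or from any commenter: the file paths, contents and manifest format are constructed for illustration, and the check runs over an in-memory image rather than a real device.

```python
"""Verify a trusted-stick image against a known-good manifest.

Added example, not from the paper or the thread. Models the check a user
would run before trusting a stick: every file must hash to its known-good
value, nothing may be missing, and nothing new may have appeared. The last
rule matters because a stateless design has no legitimate place for new
data, so an unexpected file is itself evidence of tampering.
"""
import hashlib
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(image: Dict[str, bytes]) -> Dict[str, str]:
    """Manifest of a known-good stick: path -> SHA-256 of contents."""
    return {path: sha256_hex(data) for path, data in image.items()}


def verify_stick(image: Dict[str, bytes], manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare a stick image (path -> bytes) with a manifest.

    Returns three sorted lists: files whose hash differs ("modified"),
    manifest entries absent from the image ("missing"), and files present
    on the stick that the manifest never listed ("unexpected").
    """
    modified = sorted(p for p, h in manifest.items()
                      if p in image and sha256_hex(image[p]) != h)
    missing = sorted(p for p in manifest if p not in image)
    unexpected = sorted(p for p in image if p not in manifest)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def is_known_good(image: Dict[str, bytes], manifest: Dict[str, str]) -> bool:
    """True only when the image matches the manifest exactly."""
    return not any(verify_stick(image, manifest).values())


# Constructed known-good stick contents (hypothetical layout, not the paper's).
KNOWN_GOOD: Dict[str, bytes] = {
    "firmware/spi.bin": b"\x5a\xa5" * 16,
    "firmware/me.bin": b"\xde\xad" * 16,
    "os/kernel": b"kernel-image-v1",
    "config/platform.cfg": b"display=internal\nwifi=usb\n",
}
MANIFEST = build_manifest(KNOWN_GOOD)

# Constructed "contaminated" copy: firmware altered, a config file gone,
# and a stray file that a stateless platform should never produce.
CONTAMINATED: Dict[str, bytes] = dict(KNOWN_GOOD)
CONTAMINATED["firmware/spi.bin"] = b"\x5a\xa5" * 15 + b"\x00\x00"
CONTAMINATED["tmp/cache.dat"] = b"constructed-sample-data"
del CONTAMINATED["config/platform.cfg"]

if __name__ == "__main__":
    print("known-good :", verify_stick(KNOWN_GOOD, MANIFEST))
    print("contaminated:", verify_stick(CONTAMINATED, MANIFEST))
```

The manifest itself has to live somewhere the laptop cannot rewrite, otherwise a compromised platform could update both the files and their reference hashes; that is exactly the role the paper assigns to the stick's read-only enforcement. On a mismatch the sensible response is the one nix describes: do not repair in place, discard the stick and re-image from the known-good copy.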

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Jan 10, 2016 17:15 UTC (Sun) by ksandstr (guest, #60862)

> This stick will not boot generic hardware.

How, exactly, will it fail to boot a generic computer that's acting as though it were special hardware, or is actually the special hardware but with a badguy-reflashed Über-BIOS? Why is the computer reporting its relevant bits accurately? Unless there's a TPM-alike in there somewhere, one that can be verified[0] to never collude with an attacker.

My point here is that regardless of how software is set up (on whichever side of any bus), it's broadly pointless to try and definitively solve boot security: for example, the USB controller hardware could be recording every keystroke right now. The downsides of pervasive signing and verification (such as what Microsoft experimented with in Vista) are so massive, and the gains so meager[1], that solutions like that will end up perceived as unpracticably extreme.

[0] down to its silicon layout, presumably
[1] the "most likely backdoored for a decade, just in case" tier

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 26, 2015 5:01 UTC (Sat) by gnu (guest, #65)

The Plan 9 "terminal" is a similar concept but not with the stated aims of the OP. Coupled with the Plan 9 auth server, and a CPU server which also runs in "the cloud" (they didn't call it cloud back then) and a nice way to compose namespace from various distributed machines, it achieves what any modern desktop would achieve.

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 26, 2015 21:49 UTC (Sat) by aleXXX (subscriber, #2742) (2 responses)

I somehow don't like articles/papers/whatever which have the title "this and that considered harmful".
To me this always sounds like the author thinks he knows better than the rest of the world, and this is usually not the case. :-/

...me goes writing "Using Qt designer considered harmful" ;-)

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 27, 2015 0:50 UTC (Sun) by flewellyn (subscriber, #5047)

I will just leave this here:

“Considered Harmful” Essays Considered Harmful

Rutkowska: State considered harmful - A proposal for a stateless laptop

Posted Dec 27, 2015 0:51 UTC (Sun) by alkadim (guest, #104623)

Best realistic current bet: Chromebooks

Posted Dec 27, 2015 6:12 UTC (Sun) by b7j0c (guest, #27559) (1 responses)

They aren't completely stateless...but Chromebooks are probably about as close to this model as you can get and still market the device to non-technical consumers.

Best realistic current bet: Chromebooks

Posted Jan 14, 2016 9:41 UTC (Thu) by hitmark (guest, #34609)

Or basically recreate the C64.

Flip the power on that thing and it was perfectly stateless.

Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds