At 03:12 PM 2/18/2015, grarpamp wrote:
>On Wed, Feb 18, 2015 at 5:16 PM, Tom Mitchell <mitch at niftyegg.com> wrote:
>> The critical stage is the boot ROM (BIOS) and the boot device.
>> Once Linux has booted a lot is possible but too much has already taken place.
>> A BIOS that allows booting from a Flash memory card must be trusted.
>>
>> Virtual machines may help or hinder.
>>
>> The VM is sitting where the man in the middle wants to be and if it wants can protect or expose
>> the OSs that it hosts. A VM can protect a hard drive from being infected by blocking vendor
>> codes that might try to update or corrupt modern disks of boot flash memory.
>
>Afaik, all vm's today simply pass through all drive commands.
>
>It seems a move all the BSD's and Linux could make today,
>without waiting on untrustable hardware vendors to roll out signature
>verification in hardware, is to simply kernel block all commands
>unnecessary to actual production use of the disk. Permit only
>from a list of READ, WRITE, ERASE, INQ, TUR, RST, and so on.
>Thus every other command component, including firmware update,
>vendor specific, and binary fuzzing, gets dropped and logged.

???? If the disk drive or flash drive firmware has already been compromised, none of this will work, because the firmware simply waits for the appropriate "legitimate" read & write commands, and does its thing.

BTW, what happens with "emulated" disks -- e.g., .vdi files -- in vm's? Presumably these emulated disks have no firmware to update, so any attempt would either be ignored or crash the system.
On Wed, Feb 18, 2015 at 8:57 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
> At 03:12 PM 2/18/2015, grarpamp wrote:
>>Afaik, all vm's today simply pass through all drive commands.
>>
>>It seems a move all the BSD's and Linux could make today,
>>without waiting on untrustable hardware vendors to roll out signature
>>verification in hardware, is to simply kernel block all commands
>>unnecessary to actual production use of the disk. Permit only
>>from a list of READ, WRITE, ERASE, INQ, TUR, RST, and so on.
>>Thus every other command component, including firmware update,
>>vendor specific, and binary fuzzing, gets dropped and logged.
>
> ???? If the disk drive or flash drive firmware has already
> been compromised, none of this will work, because the firmware
> simply waits for the appropriate "legitimate" read & write
> commands, and does its thing.

Obviously. This is only meant to help protect clean systems, or prevent subsequent malicious commands if they happen to go through a user to kernel path that has for some reason not yet been compromised (say through the usual /dev to driver to hardware path).

> BTW, what happens with "emulated" disks -- e.g., .vdi files --
> in vm's? Presumably these emulated disks have no firmware to
> update, so any attempt would either be ignored or crash the
> system.

Depends on how the vm is coded. My guess is vm's that emulate say disk devices, munge those opcodes too. Yes, looking at how virtualbox and even lightweight instances like jails code/handle it could be useful. Try it and see :)

In all cases, having the logging capability for non production opcodes without having to postfilter them out of some debugging stream would be nice. Obviously again caveat parts of the system that have not been compromised, and defense in depth.
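The opcode allow-list grarpamp proposes, as an added user-space model that is not code from anyone in this thread: each SCSI CDB is classified by its opcode byte, production opcodes (READ, WRITE, INQUIRY, TEST UNIT READY, UNMAP, and so on) pass, and everything else, including WRITE BUFFER, the opcode used for firmware download, and the vendor-specific range 0xC0 to 0xFF, is dropped with a one-line log record; the opcode values are the standard SCSI ones, while the verdict names, the log format and the exact allow-list membership are this example's own choices.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Filter verdicts; the names are this example's own, not from any kernel. */
enum cdb_verdict { CDB_PERMIT = 0, CDB_DROP_FIRMWARE = 1,
                   CDB_DROP_VENDOR = 2, CDB_DROP_OTHER = 3 };

/* Allow-list of opcodes needed for ordinary production use of a disk.
   Membership is a policy choice; the hex values are standard SCSI opcodes. */
static const uint8_t permitted_opcodes[] = {
    0x00, /* TEST UNIT READY */
    0x03, /* REQUEST SENSE */
    0x08, /* READ(6) */
    0x0A, /* WRITE(6) */
    0x12, /* INQUIRY */
    0x1A, /* MODE SENSE(6) */
    0x25, /* READ CAPACITY(10) */
    0x28, /* READ(10) */
    0x2A, /* WRITE(10) */
    0x35, /* SYNCHRONIZE CACHE(10) */
    0x42, /* UNMAP (the "ERASE"/TRIM path) */
    0x88, /* READ(16) */
    0x8A, /* WRITE(16) */
    0x9E, /* SERVICE ACTION IN(16), e.g. READ CAPACITY(16) */
};

/* Classify one CDB by its opcode (byte 0). Permitted commands return
   CDB_PERMIT and leave logbuf untouched; dropped commands get a log line
   so they can be reviewed without post-filtering a debug stream. */
enum cdb_verdict filter_cdb(const uint8_t *cdb, size_t len,
                            char *logbuf, size_t loglen)
{
    if (cdb == NULL || len == 0) {
        snprintf(logbuf, loglen, "drop: empty CDB");
        return CDB_DROP_OTHER;
    }
    uint8_t op = cdb[0];
    for (size_t i = 0; i < sizeof permitted_opcodes; i++)
        if (permitted_opcodes[i] == op)
            return CDB_PERMIT;

    enum cdb_verdict v;
    const char *why;
    if (op == 0x3B)      { v = CDB_DROP_FIRMWARE; why = "WRITE BUFFER (firmware download path)"; }
    else if (op >= 0xC0) { v = CDB_DROP_VENDOR;   why = "vendor-specific opcode"; }
    else                 { v = CDB_DROP_OTHER;    why = "not on production allow-list"; }
    snprintf(logbuf, loglen, "drop: opcode 0x%02X len=%zu (%s)", op, len, why);
    return v;
}
```

Linux already applies a similar allow-list to unprivileged SG_IO in its block-layer command filter; the point of the model above is the thread's stricter variant, where nothing outside the list reaches the device regardless of privilege, and every rejection is recorded.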
I would love to be able to program this device myself, instead of relying on Samsung's firmware.

BTW, what's the point of AES encryption on this pre-p0wned device? More security theatre?

http://hothardware.com/reviews/samsung-portable-ssd-t1-review

Samsung Portable SSD T1 Review: Blazing Fast External Storage

Utilizing Samsung's proprietary 3D Vertical NAND (V-NAND) technology and a SuperSpeed USB 3.0 interface, the Portable SSD T1 redlines at up to 450MB/s when reading or writing data sequentially, according to Samsung. For random read and write activities, Samsung rates the drive at up to 8,000 IOPS and 21,000 IOPS, respectively.

Capacity: 1TB (250GB and 500GB also available)
Interface: Compatible with USB 3.0, 2.0
Dimensions (W x H x D): 71.0 x 9.2 x 53.2 mm
Weight: Max. 30 grams
Transfer Speed: Up to 450MB/sec
UASP Mode: UASP Mode
Encryption: AES 256-bit
Security: Password setting (optional)
Certification: CE, BSMI, KC, VCC, C-tick, FCC, IC, UL, TUV, CB
RoHS Compliance: RoHS2
Warranty: Limited 3 year
Price: $569 (street)