We are using resin.io with the Intel NUC image.
Looking for ways to secure the application against an evil hacker with physical access.
What is the chance of seeing TPM support (Trusted platform module) in the near future?
We are using resin.io with the Intel NUC image.
Looking for ways to secure the application against an evil hacker with physical access.
What is the chance of seeing TPM support (Trusted platform module) in the near future?
Hi, what ways are you thinking of using the TPM to secure your application?
We were looking into adding TPM support on device types that have that available, but it’s a work in progress. It’s also would more along the line of securing the OS so far. Hence our question of how would you use that yourself?
Hi
We want to reduce the risk of someone getting access to inspect/change our software. For example as it is now, a person may mount the disk in another system and will then have access to everything thing, e.g. python scripts, configuration files etc.
A solution that requires access to some remote authentication service is not an option. The application must work offline as well.
And I was hoping to use tpm for disk encryption.
Thanks
Any details on what it means that you are “looking into adding TPM support” ?
Any hope on TPM in 2018?
Any feature ticket I can follow?
+1
Any updates? I’m currently working on an application where I’m creating a private key on the TPM (that never leaves the TPM) to sign tokens to identify itself to our cloud tier. I’m not seeing /dev/tpm0
or /dev/tpmrm0
in my application container.
Would it be possible to add TPM support even if Balena doesn’t take advantage of TPM features to secure the OS?
Hi,
as far as I understand, in linux TPM services will be provided by kernel modules. So in any case you would need kernel modules for the balena kernel and a device with TMP support.
I will forward your request to the balena kernel team to see what the status of TPM modules is in balena is.
Regards Thomas
That’s great - thanks Thomas. We’re requiring TPM2.0 hardware in our IoT devices (we’re using Intel NUCs).
Hi @rqdq , yes I would imagine it should be fairly easy to add those modules in the intel builds, and initially balenaOS won’t make use of them. Could you create an issue on the intel-nuc repo here: https://github.com/balena-os/balena-intel and describe the interfaces you expect to see in /dev and if you know which kernel modules need to be enabled, that would be helpful too. Then we should be able to get it added to the image by default.
Thanks @shaunmulligan. Issue created here:
github.com/balena-os/balena-intel
opened by rquackenbush on 2019-06-11
We would like to have TPM 2.0 support in Balena on the Intel NUC platform.
Use Case
We’re using TPM 2.0 modules to…
Awesome, thanks @rqdq
Hi @rqdq , im sure you have been following the issue, but just thought I would follow up here and point out that the changes for this were merged into the intel-nuc BSP repo and should be included in the next release (I think balenaOS 2.38)
That’s great news! Thanks for the update!
Note: 2.32.1+rev1 is available.
Just to be sure (since I started this thread):
The newly introduced change only means that TPM kernel modules are available, but full disk encryption is not possible until BalenaOS supports it, right?
Is full disk encryption on the roadmap?
That is correct. We want to support full disk encryption and trusted boot in the future but we don’t have a concrete timeline to share at this point
Any timeline for supporting full disk encryption? I sense a great need for this also from other users.
What can I use the current TPM support for, as it is?
Can I encrypt the persistent partition resin-data?
Can I provide my source code in the docker image as encrypted files and using TPM to store the decryption key? But isn’t that just false security, anyone can run the docker container and get access to the source?
I have no experience with TPM.
I would be happy to have some sort of stumbling blocks for any entruder, even though it may not be totally secure. I just need it to be as troublesome as possible if someone wants access to the files in the docker image.
Hi,
We don’t have a timeline for full disk encryption yet. A TPM only helps in some cases. Usually secret keys in a TPM are sealed for a specific state of the whole system (which means it will only give access to the secret keys, if the system is running the correct software).
The security measure to apply always depend on the attacker scenario that you want to protect against. Maybe you can elaborate on this a bit? Does an attacker have full physical access to the device, while powered on/off? Can they turn the device on and off as they wish? Do they only have network access to the device? What resources does an attacker have available to break the security measures? What do you want to protect (your source code, cloud credentials like an api key, etc.)?
The most obvious vulnerability right now, is the case where an attacker boots from another media and inspects our SSD disk. I guess he/she has access to everything quite easily.
What are my options?
Hi,
Well this scenario basically needs full secure boot, so a hardware piece (like a TPM), that is only unsealed if the correct software is loaded, starting from the BIOS. Every piece of code has to be measured to unlock access to the keys stored in the TPM until the initrd would decrypt the disk image. As I said earlier we don’t have a timeline for full disk encryption or a secure boot yet.
One thing you could try do now, to at least prevent your device from being booted from some other media, is to setup the allowed boot devices in the BIOS and protect the BIOS of the device.