Diffstat (limited to 'chromium/docs/website/site/chromium-os/tpm_firmware_update/index.md')
-rw-r--r-- | chromium/docs/website/site/chromium-os/tpm_firmware_update/index.md | 467 |
1 files changed, 0 insertions, 467 deletions
diff --git a/chromium/docs/website/site/chromium-os/tpm_firmware_update/index.md b/chromium/docs/website/site/chromium-os/tpm_firmware_update/index.md deleted file mode 100644 index e26e225b854..00000000000 --- a/chromium/docs/website/site/chromium-os/tpm_firmware_update/index.md +++ /dev/null 
@@ -1,467 +0,0 @@ ---- -breadcrumbs: -- - /chromium-os - - Chromium OS -page_name: tpm_firmware_update -title: 'Trusted Platform Module firmware vulnerability: technical documentation' ---- - -[TOC] - -## Vulnerability description - -There is a bug in certain Infineon TPM firmware versions which results in RSA -keys generated by the TPM being vulnerable to an attack that allows to recover -the private half of the RSA key from just the public key. The researchers who -found the vulnerability have published high-level information here: -<https://crocs.fi.muni.cz/public/papers/rsa_ccs17>. Currently known exploits are -computationally expensive; specifically, for RSA keys of bit size 2048, the -researchers give an estimate of 140.8 CPU years to break a single key. Note that -this figure might drop as more researchers look at the attack. At the current -point in time, it means TPM-generated RSA keys can't be broken at large scale, -but targeted attacks are possible. To summarize: There exists a practical attack -against TPM-generated RSA keys, but it doesn't allow large-scale exploitation of -Chrome OS devices. - -## Impacted features - -Chrome OS relies on TPM-generated RSA keys for a number of features: - - Slowing down brute-force attacks against encrypted user data. The page - [Protecting Cached User - Data](/chromium-os/chromiumos-design-docs/protecting-cached-user-data) - describes this in more detail. The vulnerability allows the attacker to - brute-force the encryption key (bit size 2048) off-device. However, note - that off-device brute-force attacks are only advantageous against strong - passwords - weak passwords are still less expensive to brute-force against - the TPM regardless of whether it runs vulnerable firmware or not. - - Hardware-backed encryption keys / certificates. Chrome OS allows users to - generate and import RSA keys that are protected by the TPM so the main OS - can't access the private key. 
These keys are typically accompanied by a - certificate and then used in network authentication, such as WPA2-EAP, HTTPS - client authentication, etc. The vulnerability allows attackers to determine - the private key. The bit size of generated and imported keys depends on - parameters. The bit sizes supported by Chrome OS for TPM-backed keys are - 1024 or 2048. You can check key sizes for certificates backed by TPM keys at - chrome://settings/certificates. - - Chrome OS [Verified - Access](https://support.google.com/chrome/a/answer/7156268) allows network - services to verify client device integrity and identity. TPM-generated RSA - keys (bit size 2048) are used in the certification process. Attackers can - exploit the vulnerability to break an "Attestation Identity Key", which - allows them to impersonate a legit device from an endpoint of their choice. - -## Mitigations - -In Chrome OS M60, we strengthened Chrome OS user data protection using the -scrypt password hashing scheme to act as a second line of defense even in case -the brute-force protection afforded by the TPM is lost. Users were automatically -upgraded to the new scheme behind the scenes without user-observable effects. -This measure guarantees adequate protection of encrypted user data for users -that use strong passwords. If your password isn't strong, now is a good time to -fix this - the risk involved with using a weak password generally transcends -Chrome OS and affects other places that store sensitive data. - -For hardware-backed encryption keys and Verified Access, mitigations are -technically infeasible without losing the hardware binding, and thus breaking -the feature. The only supported path to restore the designed security strength -for these features is to update TPM firmware. - -See below for advice on whether and when to update TPM firmware. 
- -## Affected TPM firmware versions - -You can check the TPM firmware running on your device by looking at the -firmware_version line of the tpm_version entry in chrome://system. If the -tpm_version entry is absent, this is likely because you are running an old -Chrome OS version which doesn't report this information. Upgrade to a newer -version and check again. - -Vulnerable firmware versions used on Chrome OS are (listing the firmware_version -value from chrome://system as well as the human-readable version number): - -* 000000000000041f - 4.31 -* 0000000000000420 - 4.32 -* 0000000000000628 - 6.40 -* 0000000000008520 - 133.32 - -Fixed firmware versions are as follows: - -* 0000000000000422 - 4.34 -* 000000000000062b - 6.43 -* 0000000000008521 - 133.33 - -## Affected devices - -With the exception of older devices that use the Infineon SLB 9635 TPM, all -Chrome OS devices that include an Infineon TPM chip are affected. Here is the -complete list of affected devices with code names and marketing names: - -* asuka - Dell Chromebook 13 3380 -* auron-paine - Acer Chromebook 11 (C740) -* auron-yuna - Acer Chromebook 15 (CB5-571) -* banjo - Acer Chromebook 15 (CB3-531) -* banon - Acer Chromebook 15 (CB3-532) -* buddy - Acer Chromebase 24 -* candy - Dell Chromebook 11 (3120) -* caroline - Samsung Chromebook Pro -* cave - ASUS Chromebook Flip C302 -* celes - Samsung Chromebook 3 -* chell - HP Chromebook 13 G1 -* clapper - Lenovo N20 Chromebook -* cyan - Acer Chromebook R11 (CB5-132T / C738T) -* daisy-skate - HP Chromebook 11 2000-2099 / HP Chromebook 11 G2 -* daisy-spring - HP Chromebook 11 1100-1199 / HP Chromebook 11 G1 -* edgar - Acer Chromebook 14 (CB3-431) -* elm - Acer Chromebook R13 (CB5-312T) -* enguarde - ASI Chromebook -* enguarde - Crambo Chromebook -* enguarde - CTL N6 Education Chromebook -* enguarde - Education Chromebook -* enguarde - eduGear Chromebook R -* enguarde - Edxis Education Chromebook -* enguarde - JP Sa Couto Chromebook -* enguarde - Lenovo N21 
Chromebook -* enguarde - M&A Chromebook -* enguarde - RGS Education Chromebook -* enguarde - Senkatel C1101 Chromebook -* enguarde - True IDC Chromebook -* enguarde - Videonet Chromebook -* expresso - Bobicus Chromebook 11 -* expresso - Consumer Chromebook -* expresso - Edxis Chromebook -* expresso - HEXA Chromebook Pi -* falco - HP Chromebook 14 -* gandof - Toshiba Chromebook 2 (2015 Edition) -* glimmer - Lenovo ThinkPad 11e Chromebook -* gnawty - Acer Chromebook 11 (C730 / C730E) -* gnawty - Acer Chromebook 11 (C735) -* guado - ASUS Chromebox CN62 -* hana - Lenovo N23 Yoga/Flex 11 Chromebook -* hana - Poin2 Chromebook 14 -* heli - Haier Chromebook 11 G2 -* kefka - Dell Chromebook 11 Model 3180 -* kefka - Dell Chromebook 11 3189 -* kevin - Samsung Chromebook Plus -* kip - HP Chromebook 11 2100-2199 / HP Chromebook 11 G3 -* kip - HP Chromebook 11 2200-2299 / HP Chromebook 11 G4/G4 EE -* kip - HP Chromebook 14 ak000-099 / HP Chromebook 14 G4 -* lars - Acer Chromebook 11 (C771, C771T) -* lars - Acer Chromebook 14 for work (CP5-471) -* leon - Toshiba Chromebook -* link - Google Chromebook Pixel -* lulu - Dell Chromebook 13 7310 -* mccloud - Acer Chromebox -* monroe - LG Chromebase 22CB25S -* monroe - LG Chromebase 22CV241 -* ninja - AOPEN Chromebox Commercial -* nyan-big - Acer Chromebook 13 (CB5-311) -* nyan-blaze - HP Chromebook 14 x000-x999 / HP Chromebook 14 G3 -* nyan-kitty - Acer Chromebase -* orco - Lenovo 100S Chromebook -* panther - ASUS Chromebox CN60 -* peach-pi - Samsung Chromebook 2 13" -* peach-pit - Samsung Chromebook 2 11" -* peppy - Acer C720 Chromebook -* quawks - ASUS Chromebook C300 -* reks - Lenovo N22 (Touch) Chromebook -* reks - Lenovo N23 Chromebook -* reks - Lenovo N23 Chromebook (Touch) -* reks - Lenovo N42 (Touch) Chromebook -* relm - Acer Chromebook 11 N7 (C731) -* relm - CTL NL61 Chromebook -* relm - Edxis Education Chromebook -* relm - HP Chromebook 11 G5 EE -* relm - Mecer V2 Chromebook -* rikku - Acer Chromebox CXI2 -* samus - Google 
Chromebook Pixel (2015) -* sentry - Lenovo Thinkpad 13 Chromebook -* setzer - HP Chromebook 11 G5 / HP Chromebook 11-vxxx -* squawks - ASUS Chromebook C200 -* sumo - AOpen Chromebase Commercial -* swanky - Toshiba Chromebook 2 -* terra - ASUS Chromebook C202SA -* terra - ASUS Chromebook C300SA/C301SA -* tidus - Lenovo ThinkCentre Chromebox -* tricky - Dell Chromebox -* ultima - Lenovo ThinkPad 11e Chromebook 3rd Gen (Yoga/Clamshell) -* veyron-fievel - AOpen Chromebox Mini -* veyron-jaq - Haier Chromebook 11 -* veyron-jaq - Medion Akoya S2013 -* veyron-jaq - True IDC Chromebook 11 -* veyron-jaq - Xolo Chromebook -* veyron-jerry - CTL J2 / J4 Chromebook for Education -* veyron-jerry - eduGear Chromebook K Series -* veyron-jerry - Epik 11.6" Chromebook ELB1101 -* veyron-jerry - HiSense Chromebook 11 -* veyron-jerry - Mecer Chromebook -* veyron-jerry - NComputing Chromebook CX100 -* veyron-jerry - Poin2 Chromebook 11 -* veyron-jerry - Positivo Chromebook CH1190 -* veyron-jerry - VideoNet Chromebook BL10 -* veyron-mickey - ASUS Chromebit CS10 -* veyron-mighty - Chromebook PCM-116E -* veyron-mighty - eduGear Chromebook M Series -* veyron-mighty - Haier Chromebook 11e -* veyron-mighty - Lumos Education Chromebook -* veyron-mighty - MEDION Chromebook S2015 -* veyron-mighty - Nexian Chromebook 11.6-inch -* veyron-mighty - Prowise 11.6" Entry Line Chromebook -* veyron-mighty - Sector 5 E1 Rugged Chromebook -* veyron-mighty - Viglen Chromebook 11 -* veyron-minnie - ASUS Chromebook Flip C100PA -* veyron-speedy - ASUS Chromebook C201PA -* veyron-tiger - AOpen Chromebase Mini -* winky - Samsung Chromebook 2 11 - XE500C12 -* wizpig - CTL J5 Chromebook -* wizpig - Edugear CMT Chromebook -* wizpig - Haier Convertible Chromebook 11 C -* wizpig - PCMerge Chromebook PCM-116T-432B -* wizpig - Prowise ProLine Chromebook -* wizpig - Viglen Chromebook 360 -* wolf - Dell Chromebook 11 -* zako - HP Chromebox CB1-(000-099) / HP Chromebox G1/ HP Chromebox - for Meetings - -## TPM firmware 
update - -Recent Chrome OS builds of version M61 and later include functionality to -install a TPM firmware update on the affected devices. After installing the -update, RSA keys generated by the TPM are no longer vulnerable against the -attack described above. - -### Chrome OS versions including the firmware update - -The following Chrome OS versions include the TPM firmware update for affected -devices (note that chromium OS builds do not contain firmware files): - -* Chrome OS M61 - build 9765.81.0 and later -* Chrome OS M62 - build 9901.42.0 and later -* Chrome OS M63 - build 10020.0.0 and later - -The one exception is link / Google Chromebook Pixel, for which the TPM firmware -update functionality is not enabled yet. There is a problem with firmware update -installation on that device, we intend to ship an update with a fix to enable -the TPM firmware update as soon as possible. - -### Things to know about the update process - -Installing the TPM firmware update requires a hardware reset of the TPM chip. -This means that all data held by the TPM will be discarded. This includes disk -encryption keys, implying all user data stored locally on the device will be -lost. Thus, you need to carefully backup any important data before you install -the update. - -We are actively working on ways to allow updated TPM firmware to be installed -without losing all data on the device. Launch dates for these non-destructive -update flows are not confirmed at this point though. - -There is also a risk that the update will fail e.g. due to loss of power while -installing the update. See **below** for more information on how to recover from -this situation. You'll need Chrome OS recovery media in order to invoke the -recovery flow. You will want to make sure that you either prepare it before -starting the TPM firmware update just in case or have another computer available -to create recovery media in case you need it. 
- -### Deciding whether to install the update - -There is no one-size-fits-all advice on whether to install the update or not. As -described above, there are inherent inconveniences and risks associated with the -update process and a limited set of features is impacted by the vulnerability. -In order to help make an informed decision, here is some guidance. If any of the -following applies, consider installing the update: - - You rely on the highest level of protection that Chrome OS can offer for - your encrypted user data (TPM-backed protection against password - brute-forcing attacks). - - You are using hardware-backed encryption keys and corresponding certificates - to access network services such as corporate web sites, VPNs. etc. If you're - unsure you can check the "your certificates" section in - chrome://settings/certificates to see whether you have any hardware-backed - certificates. - - You are using [Verified - Access](https://support.google.com/chrome/a/answer/7156268) for device - authentication on your enterprise-managed Chrome OS devices. When in doubt, - ask your administrator. - -If none of the bullets above apply to you, you don't benefit from the update and -can safely skip it, thus avoiding potential complications due to failing updates -as described above. - -### Installing the update - -Due to the implied loss of data, users must trigger the update explicitly. To do -so, users can opt in to installing the TPM firmware update as part of the -[factory reset flow](https://support.google.com/chromebook/answer/183084) also -known as "powerwash". Note that for enterprise-managed devices, the powerwash UI -is not regularly available. We have added a TPM firmware update device policy -though which admins can set to make the TPM firmware update via powerwash -available to their users. 
- -The steps are as follows: - - Trigger the powerwash flow, either via Ctrl+Alt+Shift+r on the login screen, - or via the powerwash option in chrome://settings > Advanced. - - The flow will ask you to reboot unless you have just restarted your device - anyways. - - In the powerwash dialog, there will be a checkbox "Update firmware for added - security." Check it in order to request the TPM firmware update to be - installed. - If you don't see a checkbox, this can be due to a number of reasons: - - Your device already runs updated firmware, check chrome://system as - described above to confirm. - - You are running an older Chrome OS version that doesn't include - functionality to update TPM firmware. Upgrade to a newer OS version. - - Once you click the "Powerwash" button and confirm, the device will reboot. - - After the reboot, you'll see a message indicating that the powerwash is in - progress. Wait for it to complete, after which the device will reboot again. - - After the second reboot, the device will show a message screen when - installing the firmware update. There is a progress bar that will be updated - as the update progresses. The device will reboot once more after installing - the update. - - After the third reboot, you'll see the familiar Chrome OS UI again showing - the out of box experience. Your device is just as new, so you can go through - the setup flow again and then log in as usual. - - It’s worth double-checking you are running fixed TPM firmware by checking - the tpm_version entry in chrome://system. See the **Affected TPM firmware - versions** section for details. - -### Retrying a failed update - -There is a risk that the device will no longer boot if the update fails. This -happens when the update installation gets interrupted while on the installation -progress screen, for example due to power loss. The device will show a screen -saying "Chrome OS is missing or damaged". 
If you press Tab on this screen, -you'll see some additional information including a line labelled -"recovery_reason". If the boot failure was due to an earlier failed TPM firmware -update, you'll likely see "Secure NVRAM (TPM) initialization error" as -"recovery_reason". - -Devices in this state can be recovered via [Chrome OS -recovery](https://support.google.com/chromebook/answer/1080595). Recovery images -for versions that have the TPM firmware update (see above) include functionality -to retry a TPM firmware update that has previously failed. Follow these steps to -recover: - - Make absolutely sure that your device is connected to a reliable power - source and has a charged battery (if applicable). - - Press Esc+Refresh+Power (keep holding Esc+Refresh for a while after - releasing power) in order to start recovery mode. The device will boot to a - screen that says "Chrome OS is missing or damaged" (older devices) or - "Please insert a recovery USB stick or SD card" (newer devices). - - Plug the recovery media. - - The device will launch the recovery procedure, starting with verification of - the recovery media. - - If the recovery software determines the TPM has encountered a previous - failed update, it will automatically launch the TPM firmware update - installation process. You'll see a screen indicating the update is getting - installed, with a progress bar getting updated as the update progresses. - - After successful installation of the update, the device will reboot. - Afterwards, the device should boot to the familiar Chrome OS UI again - showing the out-of-box experience. - -### Troubleshooting recovery failure - -The recovery software will show a screen saying "The security module on this -device is not working" if it encounters a bug or a condition that the recovery -software is unable to fix. 
If you see this, you'll want to ask for help either -via [Chromebook Central Help -Forum](https://productforums.google.com/forum/#!forum/chromebook-central) or via -EDU / enterprise support channels (if applicable). There are some important -pieces of evidence to gather that are helpful in figuring out the root cause of -the failure: - - Hold on to recovery media. The recovery software stores diagnostic - information on it, so do not use it for recovery attempts on other devices - and do not overwrite otherwise. The log files can be found on the first - partition under "recovery_logs" and contain a trace of the recovery software - execution flow which is invaluable in tracking down the root cause for the - failure. - - Take note of the information shown by pressing Tab on the "Chrome OS is - missing or damaged screen" e.g. by snapping a photo. The recovery_reason - line is particularly interesting as it may indicate clues as to what state - the TPM is in. - -### Subsequent TPM firmware update prompt - -Due to a [bug](https://bugs.chromium.org/p/chromium/issues/detail?id=872746) in -the original implementation of the TPM firmware update flow, a vulnerable -Storage Root Key (a key held in the TPM that is used to encrypt other keys) from -before the update may remain even after completing the update. This affects a -small number of devices that did not finish the TPM firmware update in normal -boot mode but only after retry using a recovery image. This can be addressed by -performing another powerwash to clear the TPM again and thus regenerate a new -Storage Root Key that is not vulnerable. Chrome OS M70 and later will show a -one-time system notification saying "Security upgrade available" / "Reset your -Chromebook to upgrade your security" for each user to alert of them of the -situation. 
Users should re-evaluate their situation per the -[advice](/chromium-os/tpm_firmware_update#TOC-Things-to-know-about-the-update-process) -[above](/chromium-os/tpm_firmware_update#TOC-Deciding-whether-to-install-the-update) -to decide whether they want to perform the powerwash, which can be triggered by -invoking the firmware update flow again via chrome://chrome. - -### Manually Updating - -If you want to apply the update manually for any reason (e.g. you're using a -Chromebook Pixel (link)), here's the steps required. - -1. Put the device into dev mode - * See the [official list of - devices](/chromium-os/developer-information-for-chrome-os-devices) - for more details -2. If you're already in dev mode, you'll need to - [Powerwash](https://support.google.com/chromebook/answer/183084) or - go through - [recovery](https://support.google.com/chromebook/answer/1080595) to - reset the TPM back to the correct initial state -3. Boot the device until you get to the initial OOBE screen (where you - select network/etc...) - * Don't sign in! -4. Switch to a console by pressing Ctrl-Alt-F2 (the -> key is the - same as F2) -5. Log in using the "root" username (there should be no password) -6. Type this command (all on one line): - `dbus-send --system --dest=org.chromium.SessionManager --type=method_call - /org/chromium/SessionManager - org.chromium.SessionManagerInterface.StartTPMFirmwareUpdate - string:first_boot` -7. After a few seconds, the device should reboot - * If the device doesn't reboot, check `/var/log/messages`. If it - says something about a user already having logged in, go back to - step 2. -8. Press Ctrl-D to boot -9. Wait for the powerwash step to finish and reboot (should be quick) -10. Press Ctrl-D to boot -11. Wait for the installing update step to finish -12. If the device reboots and takes you back to the login screen, you're - done -13. 
If you get an error, perform the steps described above to [retry a - failed - update](/chromium-os/tpm_firmware_update#TOC-Retrying-a-failed-update). - Note that there is a known issue with original Chromebook Pixel - (link) devices:The original TPM firmware version fails installing - the firmware update just before completion. The device may or may - not boot normally after turning it off and on again. It is critical - to go through Chrome OS recovery again to reset the TPM into a good - state and flush out all weak keys. You have been warned! -14. If things still aren't working, then review the troubleshooting - sections above
\ No newline at end of file |
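Review bot: Removing this page outright breaks the anchors the document itself relies on (`/chromium-os/tpm_firmware_update#TOC-Retrying-a-failed-update`, `#TOC-Deciding-whether-to-install-the-update`, `#TOC-Things-to-know-about-the-update-process`) and any external links to `chromium-os/tpm_firmware_update`; if the content has moved, add a redirect from the old path to the new location in the same change, and if it is being retired, keep at least the "Affected TPM firmware versions", "Retrying a failed update" and "Troubleshooting recovery failure" sections reachable, since a device stuck on "Chrome OS is missing or damaged" after an interrupted update still needs the recovery_reason check and the recovery-media retry path described here.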