
Re: Raspberry Pi as an HSM?

Posted: Fri Mar 30, 2012 10:36 pm
by zardoz99
Has anyone considered that, due to its hard-soldered PoP/SoC combination, it might make quite a good HSM? It could load the encrypted contents from a LUKS filesystem on the SD card. This would then be unpacked into memory and run from there.

From Wikipedia…

A hardware security module (HSM) is a type of secure cryptoprocessor targeted at managing digital keys, accelerating cryptoprocesses in terms of digital signings/second and for providing strong authentication to access critical keys for server applications. These modules are physical devices that traditionally come in the form of a plug-in card or an external TCP/IP security device that can be attached directly to the server or general purpose computer.

The goals of an HSM are (a) onboard secure generation, (b) onboard secure storage, (c) use of cryptographic and sensitive data material, (d) offloading application servers for complete asymmetric and symmetric cryptography. HSMs provide both logical and physical protection of these materials from non-authorized use and potential adversaries. In short, they protect high-value cryptographic keys.

Just an idea….

Re: Raspberry Pi as an HSM?

Posted: Fri Mar 30, 2012 11:24 pm
by SeanD
The problem is that you will be running it in memory on a pretty well known and physically insecure SoC. However, for lower security applications, if the RPi was semi-potted it would make a good little and inexpensive HSM, certainly good for some dev applications. Certainly a lot cheaper than the ones we use, but also a lot less performant and secure.

Re: Raspberry Pi as an HSM?

Posted: Fri Mar 30, 2012 11:33 pm
by Gert van Loo
Unless, of course, you run it on an unknown and physically secure GPU. (Of course somebody at Broadcom would have to write the code.)

Re: Raspberry Pi as an HSM?

Posted: Fri Mar 30, 2012 11:46 pm
by zardoz99
As the core is an ARM1176, could the TrustZone functionality be invoked?

Re: Raspberry Pi as an HSM?

Posted: Sat Mar 31, 2012 12:15 am
by SeanD
zardoz99 said:


As the core is an ARM1176, could the TrustZone functionality be invoked?


I think we have determined that TrustZone is not available, but you are right: with a TSM involved you could provision the TEE and use both TZ as the secure element and also do a lot of the crypto in the TEE. However, the SoC has limited physical protection, as even with TZ the SoC is designed to store device/user credentials rather than root keys.

Re: Raspberry Pi as an HSM?

Posted: Sun Apr 01, 2012 12:59 am
by zardoz99
Oh well, so much for THAT idea...

Re: Raspberry Pi as an HSM?

Posted: Sun Apr 01, 2012 11:57 pm
by plugwash
zardoz99 said:


Has anyone considered that, due to its hard-soldered PoP/SoC combination, it might make quite a good HSM? It could load the encrypted contents from a LUKS filesystem on the SD card. This would then be unpacked into memory and run from there.


And where would it get the key from to read those encrypted contents? Afaict there is no user-accessible nonvolatile storage on the Pi. Even if there was, someone could just swap out the SD card and replace it with one that read out the key rather than using the key to decrypt the SD card.

Re: Raspberry Pi as an HSM?

Posted: Mon Apr 02, 2012 12:10 am
by zardoz99
How about off a YubiKey? That would hold the initial LUKS passcode...