rtfmoz
Posts: 17
Joined: Wed Mar 27, 2013 8:39 pm

Security: The boot process

Tue Oct 08, 2019 11:43 pm

If these devices get used for point solutions across an enterprise the security of the device has to be assessed. So with a security hat on I have a few questions regarding the Raspberry Pi4...

When Raspbian boots on the Pi4 are there any checks to validate the boot EEPROM just used is foundation issued? To be clear, I'm simply asking if such checks exist.

If the answer to the above is no, can such checks be implemented, e.g. can a hardened Raspbian with a specific EEPROM perform such checks in a way that would assert the security of the boot process?

Please understand I'm not here discussing a specific use case, just the security posture of the device, whether it can be made more secure and how one might achieve it. Application security is an entirely different discussion. If there are existing discussions that may answer some of these questions please refer me to them.

I note in the documentation it says "It is possible to physically write-protect both EEPROMs via a simple resistor change." then refers to schematics. I was unable to determine where this is in the schematics -- issue #1302 raised for this.

Heater
Posts: 13284
Joined: Tue Jul 17, 2012 3:02 pm

Re: Security: The boot process

Wed Oct 09, 2019 6:16 am

What is a "point solution across an enterprise"?

One should assume the Pi has zero security once deployed out in the field and people have physical access to it.

Otherwise it's as secure as you make it, which depends on what network services you run on it and how they are configured, like any Linux system.

openoms
Posts: 2
Joined: Wed Oct 09, 2019 7:12 am

Re: Security: The boot process

Wed Oct 09, 2019 7:19 am

What would be the best way to verify the contents of this EEPROM?

Also the documentation states:
Note that if a bootcode.bin is present in the boot partition of the SD card in a Pi 4, it is ignored.
Is the check for the bootcode.bin on the SDcard governed by the code on the EEPROM or is it completely ignored (the RPi4 would boot even with an erased EEPROM)?

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 23636
Joined: Sat Jul 30, 2011 7:41 pm

Re: Security: The boot process

Wed Oct 09, 2019 9:08 am

openoms wrote:
Wed Oct 09, 2019 7:19 am
What would be the best way to verify the contents of this EEPROM?

Also the documentation states:
Note that if a bootcode.bin is present in the boot partition of the SD card in a Pi 4, it is ignored.
Is the check for the bootcode.bin on the SDcard governed by the code on the EEPROM or is it completely ignored (the RPi4 would boot even with an erased EEPROM)?
The Pi4 bootloader doesn't even look for a bootcode.bin, it just runs the bootcode from the EEPROM.

As for the security, there are options here that I am not able to talk about at this stage.

What I can say:

You cannot brick a Pi4 i.e. you can ALWAYS return a Pi to a safe state by using a good recovery.bin on an SD card and booting. This is also a way of ensuring you are not using a hacked EEPROM.

In order to hack the EEPROM in the first place, you WILL need root access. At which point all bets are off anyway.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
"My grief counsellor just died, luckily, he was so good, I didn't care."

DougieLawson
Posts: 36098
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Security: The boot process

Wed Oct 09, 2019 4:51 pm

jamesh wrote:
Wed Oct 09, 2019 9:08 am
In order to hack the EEPROM in the first place, you WILL need root access. At which point all bets are off anyway.
Or physical access to swap the boot device (currently only an SDCard).

It always worries me when these security folks come asking & inferring that the RPi is insecure. They seem to forget that a laptop is only as secure as the screws in the case that stop you swapping out the hard disk. BIOS security can make life difficult, but even a password protected hard drive carries the password on the media device.

Are you willing to reveal what processor runs the boot code? Is it run on the RPi 4's ARM8? Or is there still a proprietary "GPU" that runs it? If it's ARM8 then it is trivial to reverse engineer (as that is fully documented). If it still runs on some hidden Broadcom device that makes the bootcode more obscure (like the SDCard resident bootcode.bin & start.elf stuff on the older Raspberries).
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

incognitum
Posts: 341
Joined: Tue Oct 30, 2018 3:34 pm

Re: Security: The boot process

Wed Oct 09, 2019 9:26 pm

DougieLawson wrote:
Wed Oct 09, 2019 4:51 pm
but even a password protected hard drive carries the password on the media device.
That is not the case with modern storage.
E.g. Intel SSDs do full disk encryption if you set a drive password in the BIOS.

Are you willing to reveal what processor runs the boot code? Is it run on the RPi 4's ARM8? Or is there still a proprietary "GPU" that runs it? If it's ARM8 then it is trivial to reverse engineer (as that is fully documented). If it still runs on some hidden Broadcom device that makes the bootcode more obscure (like the SDCard resident bootcode.bin & start.elf stuff on the older Raspberries).
If an attacker has compromised a Pi, and his goal was to create a backdoor that he could continue to use even if the SD card was reinstalled, I can think of simpler ways than reverse engineering the bootcode.
E.g. he could change the EEPROM settings to enable netboot, and set TFTP_IP to a server under his control.
Netboot works over the Internet now.

rtfmoz
Posts: 17
Joined: Wed Mar 27, 2013 8:39 pm

Re: Security: The boot process

Wed Oct 09, 2019 11:44 pm

DougieLawson wrote:
Wed Oct 09, 2019 4:51 pm
It always worries me when these security folks come asking & inferring that the RPi is insecure.
It is a standard question. You bring an inference by mentioning it. The Raspberry Pi is what it is, a tool designed to promote education in the electronics industry by enabling youth to take an interest. However, through the years, it has become more than just an educational tool. Solutions are being implemented on the platform because it is such a unique one providing access to a huge repository of open source work built over the last 30 years. As a result, it is quite likely all of you are running a server of some sort, usually application-specific performing a dedicated task, doing quite a good job at it too. These things filter from the personal use of professionals into business by the very nature of their usefulness and this is what brings on a security assessment. Nothing is implied, it is purely looking at it from a security looking glass and asking relevant questions.

rtfmoz
Posts: 17
Joined: Wed Mar 27, 2013 8:39 pm

Re: Security: The boot process

Wed Oct 09, 2019 11:53 pm

jamesh wrote:
Wed Oct 09, 2019 9:08 am

The Pi4 bootloader doesn't even look for a bootcode.bin, it just runs the bootcode from the EEPROM.

As for the security, there are options here that I am not able to talk about at this stage.

Thank you for your reply! Much appreciated.
In order to hack the EEPROM in the first place, you WILL need root access. At which point all bets are off anyway.

The modified EEPROM would be done offsite if it were to happen. It is then a case of loading it using tools in the operating system. The write-protection of the EEPROM is pretty much the solution to this. Is there a way for the OS to check if the EEPROM is write-protected?

To give people a better idea, the security scenario is a deployed device at a customer site performing some useful networking function. There is no physical access to the device, only network access.

openoms
Posts: 2
Joined: Wed Oct 09, 2019 7:12 am

Re: Security: The boot process

Thu Oct 10, 2019 8:58 am

jamesh wrote:
Wed Oct 09, 2019 9:08 am
The Pi4 bootloader doesn't even look for a bootcode.bin, it just runs the bootcode from the EEPROM.

As for the security, there are options here that I am not able to talk about at this stage.

What I can say:

You cannot brick a Pi4 i.e. you can ALWAYS return a Pi to a safe state by using a good recovery.bin on an SD card and booting. This is also a way of ensuring you are not using a hacked EEPROM.

In order to hack the EEPROM in the first place, you WILL need root access. At which point all bets are off anyway.
Thank you for your answer and for clarifying what does get ignored during boot. It is clear now that the bootloader on the EEPROM is used on RPi4 regardless of a bootcode.bin on the SDcard.

Is there a PGP signature and a SHA256 hash provided for the bootloader image downloadable here: https://www.raspberrypi.org/downloads/ (just like there is for the Raspbian releases)?

Also could there be a way to verify the contents of the EEPROM without reflashing? That would make a secure start of a new device easier and could possibly be automated.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 23636
Joined: Sat Jul 30, 2011 7:41 pm

Re: Security: The boot process

Thu Oct 10, 2019 9:32 am

openoms wrote:
Thu Oct 10, 2019 8:58 am
Is there a PGP signature and a SHA256 hash provided for the bootloader image downloadable here: https://www.raspberrypi.org/downloads/ (just like there is for the Raspbian releases)?
Good point, I'll try and get that added.
openoms wrote:
Thu Oct 10, 2019 8:58 am
Also could there be a way to verify the contents of the EEPROM without reflashing? That would make a secure start of a new device easier and could possibly be automated.
Not sure, will ask.

trejan
Posts: 566
Joined: Tue Jul 02, 2019 2:28 pm

Re: Security: The boot process

Thu Oct 10, 2019 9:59 am

openoms wrote:
Thu Oct 10, 2019 8:58 am
Also could there be a way to verify the contents of the EEPROM without reflashing? That would make a secure start of a new device easier and could possibly be automated.
You can dump the existing contents using flashrom after reconfiguring the GPIOs for access. There is a configuration block inside the bootcode which sets various options like power off on halt so you need to take that into account for your verification hash.

hippy
Posts: 5941
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: Security: The boot process

Thu Oct 10, 2019 12:21 pm

trejan wrote:
Thu Oct 10, 2019 9:59 am
There is a configuration block inside the bootcode which sets various options like power off on halt so you need to take that into account for your verification hash.
Take a look at '/usr/bin/rpi-eeprom-config' which is a Python program which shows how to read the Boot Eeprom .bin files and separate out the various parts.

That should prove useful for comparing a 'flashrom' saved .bin from the actual Boot Eeprom against a reference .bin file, calculating checksums of each while disregarding the configuration settings.
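The comparison hippy describes above, and the digest check openoms asked about for a downloaded bootloader image, as an added example that is not part of the thread and not code from rpi-eeprom-config or the Raspberry Pi project. The section layout it parses (a big-endian magic and length header per section, file sections carrying a 12-byte name, 8-byte alignment, the configuration stored as a file section called bootconf.txt) is an assumption made for this example; check rpi-eeprom-config for the real image format before relying on it against real dumps. The sample images are constructed in the block, not real bootloader contents.

```python
"""Compare a Boot EEPROM dump against a reference image while skipping the
embedded configuration section, and check a downloaded image against a
published SHA256 digest.

ASSUMPTION: the section layout modelled here (big-endian magic + length
header per section, file sections carrying a 12-byte name, 8-byte
alignment, configuration stored as a file section named 'bootconf.txt')
is a simplified model written for this example. Check rpi-eeprom-config
for the real image format before relying on this against hardware dumps.
"""
import hashlib
import struct

MAGIC = 0x55AAF00F        # plain data section (assumed layout)
FILE_MAGIC = 0x55AAFEEF   # file section: body starts with a 12-byte name (assumed layout)
MAGIC_MASK = 0xFFFFF00F   # bits shared by both magics
FILENAME_LEN = 12
CONFIG_NAME = b"bootconf.txt"


def _align8(n):
    return (n + 7) & ~7


def iter_sections(image):
    """Yield (offset, magic, name, payload) for each section in `image`.

    A header carrying neither magic raises ValueError: an unparseable dump
    is itself a finding, not something to hash blindly.
    """
    offset = 0
    while offset + 8 <= len(image):
        magic, length = struct.unpack_from(">LL", image, offset)
        if magic == 0:
            break                                   # erased / padded tail of the image
        if (magic & MAGIC_MASK) != MAGIC:
            raise ValueError("bad section magic 0x%08x at offset %d" % (magic, offset))
        body = image[offset + 8:offset + 8 + length]
        if len(body) != length:
            raise ValueError("truncated section at offset %d" % offset)
        name, payload = None, body
        if magic == FILE_MAGIC:
            name, payload = body[:FILENAME_LEN].rstrip(b"\0"), body[FILENAME_LEN:]
        yield offset, magic, name, payload
        offset = _align8(offset + 8 + length)


def code_digest(image):
    """SHA256 over every section except the configuration file.

    Magic, length and name go into the hash too, so a section that was
    renamed, resized or reordered changes the digest even if its bytes are
    otherwise unchanged.
    """
    h = hashlib.sha256()
    for _offset, magic, name, payload in iter_sections(image):
        if magic == FILE_MAGIC and name == CONFIG_NAME:
            continue
        h.update(struct.pack(">LL", magic, len(payload)))
        h.update(name or b"")
        h.update(payload)
    return h.hexdigest()


def matches_reference(dumped, reference):
    """True when the dump and the reference differ at most in their configuration."""
    return code_digest(dumped) == code_digest(reference)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def verify_download(image, published_sha256):
    """Check a downloaded image against the digest published next to it."""
    return sha256_hex(image) == published_sha256.strip().lower()


# --- constructed sample images: not real bootloader contents ---
def _section(magic, body):
    raw = struct.pack(">LL", magic, len(body)) + body
    return raw + b"\0" * (_align8(len(raw)) - len(raw))


def build_image(config_text, code=b"CONSTRUCTED-BOOTCODE-PAYLOAD"):
    config = _section(FILE_MAGIC, CONFIG_NAME.ljust(FILENAME_LEN, b"\0") + config_text)
    return _section(MAGIC, code) + config + b"\0" * 16


REFERENCE = build_image(b"BOOT_UART=0\nWAKE_ON_GPIO=1\n")
DUMP_SAME_CODE = build_image(b"BOOT_UART=1\nPOWER_OFF_ON_HALT=1\n")
DUMP_TAMPERED = build_image(b"BOOT_UART=0\nWAKE_ON_GPIO=1\n",
                            code=b"CONSTRUCTED-BOOTCODE-PAYLOAX")

if __name__ == "__main__":
    print("same code, different config:", matches_reference(DUMP_SAME_CODE, REFERENCE))
    print("tampered code section:      ", matches_reference(DUMP_TAMPERED, REFERENCE))
    print("download digest ok:         ", verify_download(REFERENCE, sha256_hex(REFERENCE)))
```

A dump whose configuration was changed (here, power off on halt enabled) still matches the reference, while a one-byte change in the code section does not. Hashing the headers alongside the payloads is deliberate: a verifier that hashed only concatenated payloads would not notice sections being moved or renamed.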

hippy
Posts: 5941
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: Security: The boot process

Thu Oct 10, 2019 12:40 pm

rtfmoz wrote:
Wed Oct 09, 2019 11:53 pm
Is there a way for the OS to check if the EEPROM is write-protected?
Not sure about the OS but it appears to be possible to access the Boot Eeprom from userland, query the write-protect pin status, which is what I presume is used to write-protect the chip even though it's not shown on the published schematics.
rtfmoz wrote:
Wed Oct 09, 2019 11:53 pm
There is no physical access to the device, only network access.
It seems to me that so long as someone can get a program onto a targeted Pi 4B and have it executed, with root access or not, that can erase, corrupt or reprogram the Boot Eeprom if not physically write-protected.

As noted in previous discussions I don't believe this could be put to much use beyond being a nuisance. It is just one part of a chain-load bootloader so that restricts what could be easily done to seriously compromise or back-door a system.

Others however disagree. And, if the Boot Eeprom could be configured to network boot from an outside server and succeed in that, I guess that would be a pretty simple way to do that.
Last edited by hippy on Thu Oct 10, 2019 12:58 pm, edited 1 time in total.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 23636
Joined: Sat Jul 30, 2011 7:41 pm

Re: Security: The boot process

Thu Oct 10, 2019 12:51 pm

hippy wrote:
Thu Oct 10, 2019 12:40 pm
It seems to me that so long as someone can get a program onto a targeted Pi 4B and have it executed, with root access or not, that can erase, corrupt or reprogram the Boot Eeprom if not physically write-protected.
The programming process requires root privileges.

hippy
Posts: 5941
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: Security: The boot process

Thu Oct 10, 2019 1:11 pm

jamesh wrote:
Thu Oct 10, 2019 12:51 pm
hippy wrote:
Thu Oct 10, 2019 12:40 pm
It seems to me that so long as someone can get a program onto a targeted Pi 4B and have it executed, with root access or not, that can erase, corrupt or reprogram the Boot Eeprom if not physically write-protected.
The programming process requires root privileges.
I will agree; it requires root privileges. It's just that by default those are easy to get on a Pi.

One can silently gain root privileges from a Python program running on a Pi without root privileges and I would guess that's the same for any other programming languages. I happened to mention that in an earlier post elsewhere -

https://www.raspberrypi.org/forums/view ... 7#p1549765

I guess that if sudo were configured some other way than Raspbian has it by default that would affect things as noted in the subsequent reply to that post.

But, without having changed 'sudo' configuration, it seems to me that all the commands needed to read or write the Boot Eeprom can be called from a Python program simply by wrapping them in os.system() calls or similar with sudo specified:

https://www.raspberrypi.org/forums/view ... 0#p1502253

I will admit I haven't tried it because I don't have a Pi 4B to try it on.

Andyroo
Posts: 4465
Joined: Sat Jun 16, 2018 12:49 am
Location: Lincs U.K.

Re: Security: The boot process

Thu Oct 10, 2019 1:21 pm

Why would you use the default user? Surely in a secure system you would lock the OS down more than a training / educational computer and create a user with limited rights?
Need Pi spray - these things are breeding in my house...

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 23636
Joined: Sat Jul 30, 2011 7:41 pm

Re: Security: The boot process

Thu Oct 10, 2019 1:30 pm

If someone hasn't locked down sudo or done even the most basic of security changes, then worrying about a corrupted/hacked EEPROM isn't going to be high on their list.

So I think for the purposes of this topic, it can be ignored.
