DMA attacks are possible not only via USB?!
47 views
Skip to first unread message
Chris
Dec 17, 2017, 3:23:36 PM12/17/17
to qubes-users
Hi,
I am wondering a bit what this USB & NetVM shielding are really buying me. I am switching from a laptop to a desktop, so it may remain unattended for quite a while and thus could be exposed to hardware access... The hardware access will be mild, meaning I could imagine someone to compromise a bootloader or install a malicious device.
Now say that install an internal USB controller to which I connect an SD-Card reader, which in turn uses Anti-Evil-Maid to boot the machine. This controller needs to be whitelisted. But since it is internal and will only provide one slot for the card reader, the machine will not boot properly without this setup. Still, someone could compromise this setup.
So lets say I had a PCI-Express card reader, which seems to not be available for desktops... Wouldn't this pose the same problem? PCI-Express also has DMA access. How does Qubes know that a particular PCI-Express device can be safely attached to Dom0 (like a SD card reader on a laptop, which is usually PCI-Express)? If the PCI-Express device is compromised, wouldn't it compromise Dom0?
Anyway I am trying to wrap my head around what I can and can not protect against.
It seems as if Qubes OS is useless in protecting against hardware access. Even with TPM, I am not sure how realistic it is. Will AEM be triggered when changing USB controllers or adding hostile USB devices to the one whilelisted controller that manages the AEM device? If not, what is the point of AEM? How is AEM any better than simply putting the bootloader on a separate disk? Okay, it gives a bit better piece of mind that really MY bootloader was used, but that is about it, right? It won't help against someone adding compromised devices to a PCI-E slot or USB?!
Any links or help here? Btw, its really hard to find any useful information via Google about most topics regarding Qubes OS. Is Qubes OS somehow downranked intentionally?
Cheers
Chris
Chris Laprise
Dec 17, 2017, 5:08:20 PM12/17/17
to Chris, qubes-users
On 12/17/2017 03:23 PM, 'Chris' via qubes-users wrote:
> It seems as if Qubes OS is useless in protecting against hardware
> access. Even with TPM, I am not sure how realistic it is. Will AEM be
> triggered when changing USB controllers or adding hostile USB devices to
> the one whilelisted controller that manages the AEM device? If not, what
> is the point of AEM? How is AEM any better than simply putting the
> bootloader on a separate disk? Okay, it gives a bit better piece of mind
> that really MY bootloader was used, but that is about it, right? It
> won't help against someone adding compromised devices to a PCI-E slot or
> USB?!
>
> Any links or help here? Btw, its really hard to find any useful
> information via Google about most topics regarding Qubes OS. Is Qubes OS
> somehow downranked intentionally?
Welcome to Qubes, circa 2012. :)
> It seems as if Qubes OS is useless in protecting against hardware
> access. Even with TPM, I am not sure how realistic it is. Will AEM be
> triggered when changing USB controllers or adding hostile USB devices to
> the one whilelisted controller that manages the AEM device? If not, what
> is the point of AEM? How is AEM any better than simply putting the
> bootloader on a separate disk? Okay, it gives a bit better piece of mind
> that really MY bootloader was used, but that is about it, right? It
> won't help against someone adding compromised devices to a PCI-E slot or
> USB?!
>
> Any links or help here? Btw, its really hard to find any useful
> information via Google about most topics regarding Qubes OS. Is Qubes OS
> somehow downranked intentionally?
If you dig into old listgroup posts, you'll see this topic covered over
and over again. Much of the discussion is based-on or references
Joanna's (@rootkovska) blog posts:
https://blog.invisiblethings.org/index.html
TL;dr - AEM protects you only within a margin where an attacker (e.g.
Evil Maid) isn't terribly skilled and has only a brief window of time to
attack. Beyond that, we are *still* talking about physical access here.
Another data point is the HCL. If you look for entries by "Qubes core
developers" you should notice all of those systems are Laptops! Qubes is
rather laptop-centric because they are more integrated and more
difficult to subvert in a piecemeal fashion. IIRC Joanna has recommended
PC laptops as preferable because of keyboards that are not only
integrated, but also PS/2 (non-USB).
Add to that a sprinkling of discussion about making motherboards more
tamper-evident.
So there is a certain level of pragmatism when it comes to physical
security. The fact that Qubes was released for PC hardware should not be
taken as a sign that the Qubes community regards current PC architecture
as having very good security. Qubes tries to make the best out of a bad
situation, and even the core devs want better-designed hardware.
Finally, there is the notion that if someone is resourceful enough to
trick your TPM, then "you probably have bigger problems than PC security
anyway". Its sort of an infosec cop-out, but there's some truth to it.
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
Reply all
Reply to author
Forward
0 new messages