Post by AMI_Mani on Dec 17, 2018 8:53:47 GMT
Hi All,
As per the HI specification (https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf), an implementation can support auto-generated passwords and store them in a UEFI variable for Host OS applications to access. Any user logged into the Host OS (other than administrator privilege, even a guest user) can read the UEFI variable and can communicate with Redfish, which can be a security breach; please correct me if my understanding is incorrect.
I'm unable to understand section 9.2, Security considerations for protecting auto-generated credentials (copied at the end of the thread); clarifications below.
<< It is recommended that system designers protect the credentials from unauthorized access. The use of UEFI Secure Boot to protect access to credentials is recommended.
Clarifications:
1. How can we use UEFI Secure Boot to protect access to credentials? Since the credential is stored in a UEFI variable and it needs to be accessible from the Host OS, I am unable to understand the relation of UEFI Secure Boot to protecting HostAutoOS credentials.
2. Since any user can access the UEFI variable from the Host OS, how can we protect the credentials from unauthorized access?
<< The system OS is provided with a method of disabling further retrieval of the credentials after initial authorized retrieval.
Clarifications:
1. Does the Host OS need to read the credentials only once, or can it read them any number of times from the UEFI variable for HostAutoOS credentials? Many OS applications can use Redfish, and if only one read is allowed, other applications may not be able to read the credentials.
2. What is authorized retrieval in this context? Is it from the Host OS, or implementation-specific? If it is implementation-specific, again we need to have some authentication mechanism for Host OS applications to authenticate.
Copied from Specification:
9.2. Security considerations for protecting auto-generated credentials
It is recommended that system designers protect the credentials from unauthorized access. The use of UEFI Secure Boot to protect access to credentials is recommended. Because of the difficulty of defining a security procedure for Legacy-booting OS, delivery of credentials to Legacy OS is not described by this specification and any Legacy OS support for this feature is OEM-specific.
The system OS is provided with a method of disabling further retrieval of the credentials after initial authorized retrieval. System designers are encouraged to implement such a scheme of retrieve, store, and disable to avoid unauthorized reading of the credential variables.
Thanks,
Mani
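The "retrieve, store, and disable" scheme the quoted section 9.2 recommends, worked through as an added example (not code from the DSP0270 specification, the DMTF, or the poster). It models the credential as an efivarfs-style file (`<Name>-<GUID>`, with the 4-byte attribute header Linux efivarfs prepends) in a plain directory; the variable name and GUID are placeholders, not the names the specification defines. A privileged agent reads the variable once, persists the credential to a mode 0600 file, then deletes the variable so any later reader, privileged or not, gets nothing; the `is_world_readable` check illustrates the concern raised above, since efivarfs exposes variables with mode 0644 by default.

```python
"""Retrieve-store-disable handling of an auto-generated Redfish host credential.

Added example, not code from the DSP0270 specification or the DMTF.
Assumptions: the credential lives in a UEFI variable exposed as <Name>-<GUID>
in an efivarfs-like directory with the 4-byte attribute header; the variable
name and GUID below are placeholders, not the names the specification defines.
"""
import os
import stat
import struct
import tempfile
from typing import Optional, Tuple

# Placeholder variable identity (hypothetical, not taken from the specification).
CRED_VAR_NAME = "ExampleHostCredential"
CRED_VAR_GUID = "00000000-0000-0000-0000-000000000000"
CRED_VAR_FILE = f"{CRED_VAR_NAME}-{CRED_VAR_GUID}"

# UEFI variable attribute bits (values from the UEFI specification).
EFI_VARIABLE_NON_VOLATILE = 0x1
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x2
EFI_VARIABLE_RUNTIME_ACCESS = 0x4


def read_variable(efivars_dir: str, var_file: str) -> Optional[Tuple[int, bytes]]:
    """Return (attributes, data) for an efivarfs-style variable, or None if absent."""
    path = os.path.join(efivars_dir, var_file)
    if not os.path.exists(path):
        return None
    with open(path, "rb") as f:
        raw = f.read()
    if len(raw) < 4:
        raise ValueError("variable file shorter than the 4-byte attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def is_world_readable(path: str) -> bool:
    """True when 'other' users can read the file; efivarfs entries are 0644 by default."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def file_mode(path: str) -> int:
    """Permission bits of a file, for checking the stored copy."""
    return os.stat(path).st_mode & 0o777


def store_credential(dest: str, data: bytes) -> None:
    """Persist the credential to a root-only file (mode 0600), replacing any old copy."""
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    os.chmod(dest, 0o600)  # make the mode independent of the process umask


def disable_further_retrieval(efivars_dir: str, var_file: str) -> None:
    """Delete the variable so later readers (any Host OS user) get nothing.

    On real Linux efivarfs the kernel marks entries immutable; that flag must be
    cleared (chattr -i) before unlinking. The plain-directory model needs no such step.
    """
    os.remove(os.path.join(efivars_dir, var_file))


def retrieve_store_disable(efivars_dir: str, var_file: str, dest: str) -> Optional[bytes]:
    """One-shot retrieval: read, persist with tight permissions, then delete the variable.

    Returns the credential bytes on the first call and None once the variable is
    gone, which is exactly what any second reader observes.
    """
    found = read_variable(efivars_dir, var_file)
    if found is None:
        return None
    attrs, data = found
    if not attrs & EFI_VARIABLE_RUNTIME_ACCESS:
        # Without RUNTIME_ACCESS the OS could not have read the variable at all.
        raise ValueError("credential variable lacks EFI_VARIABLE_RUNTIME_ACCESS")
    store_credential(dest, data)
    disable_further_retrieval(efivars_dir, var_file)
    return data


def make_fake_efivars(data: bytes) -> str:
    """Create a constructed efivarfs-like directory holding one credential variable."""
    d = tempfile.mkdtemp(prefix="efivars-")
    attrs = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
    path = os.path.join(d, CRED_VAR_FILE)
    with open(path, "wb") as f:
        f.write(struct.pack("<I", attrs) + data)
    os.chmod(path, 0o644)  # mimic the efivarfs default mode
    return d


if __name__ == "__main__":
    efivars = make_fake_efivars(b"svc-user:constructed-example-password")  # constructed sample
    print("world readable before:", is_world_readable(os.path.join(efivars, CRED_VAR_FILE)))
    dest = os.path.join(efivars, "cred.store")
    print("first retrieval:", retrieve_store_disable(efivars, CRED_VAR_FILE, dest))
    print("second retrieval:", retrieve_store_disable(efivars, CRED_VAR_FILE, dest))
```

The scheme answers the "read once vs. many times" question by moving the credential out of the shared variable and into a store the agent controls: other Host OS applications obtain it from that store (or from the agent) under normal OS access control rather than from the UEFI variable, which no longer exists after the first retrieval. The window of exposure is then only the time between boot and the agent's first read, which is why the agent should run as early as possible in boot.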