On Mon, Aug 31, 2020 at 08:07:08PM +0300, Ard Biesheuvel wrote:
> I'd like to see people's view on who signs what, in the following use case:
> - Car vendor A builds a car with tier1-1 and tier1-2 boards provided by
>   silicon1 and silicon2.
> - TF-A, OP-TEE, SCMI-TA, U-Boot are provided by silicon1 for board1 and
>   silicon2 for board2.
> - board1 is an android auto board and has a DRM TA on board1 provided by
>   Netflix.
> - board2 is an AGL board provided by tier1-2.
> Is the following correct?
> PK only cert should be issued by silicon1 and silicon2.
> KEK in board1 shall contain silicon1, android, Netflix certs.
> KEK in board2 shall contain silicon2, tier1-2 certs.
> DB shall contain the signatures of relevant images on each board.
> Shouldn't car vendor A have a way to insert itself in the chain of trust?
So you are assuming that the fact that some parts of the firmware image are provided by different parties implies that each of those parties can control when/how those pieces get updated? Do you seriously think that, e.g., Toyota will happily let Netflix issue updates for firmware pieces that are stored on the same NOR flash as the system firmware?
Moreover, many of the parties that supply code want to *avoid* issuing certificates, on the approximate basis that if you don't know a key you can never be legally responsible for having leaked it.
In other words, several actors within the supply chain (almost certainly including silicon1 and silicon2) will be actively seeking to avoid certifying anything!
Daniel.