
Re: Debian package mmc-utils



Stefan Baur wrote on 16 Feb at 02:16:

> already know that it stands for Replay Protected Memory Block, I venture

As far as Google has enlightened me, you can store codes/keys there which,
in turn, can only be written or read using a key.
The key is written in by the manufacturer.  Linux only provides the
low-level functions for access.  Everything else is "userland".

Replay protected means that the device is not unlocked;
instead, every single access is protected.

Copied from:
https://www.jedec.org/sites/default/files/Victo_Tsai(1).pdf

-->-->>

e·MMC v4.41 and v4.5 Architecture for High Speed Functions and Features

[...]

Replay Protected Memory Block (RPMB)

• This function provides means for the system to store data to
the specific memory area in an authenticated and replay
protected manner

• RPMB operation is a separate self-contained security
command protocol that has its own command opcodes
(message types) and well-defined data structure

• This feature is designed to fulfill the security requirements
below

– EICTA CCIG Doc Ref: Eicta Doc: 04cc100
– GSMA Doc Ref: Security Principles Related to Handset Theft 3.0.0


RPMB Requirements (Device Side)

The Replay Protected Memory Block is defined as a separate partition 
in the e·MMC memory space

– Partition size = multiples of 128KByte

Secure storage of Authentication Key

– An Authentication Key is written to the RPMB at
host system manufacturing time and is used as
shared secret to authenticate subsequent RPMB
transactions between the Host and Device

Transaction Authentication

– Transactions (messages) are authenticated by the
Message Authentication Code (MAC) which is a hash
value generated by the Authentication Key,
a random number provided by the Host and the
message itself using HMAC SHA-256

• [HMAC-SHA] Eastlake, D. and T. Hansen, "US Secure
Hash Algorithms (SHA and HMAC-SHA)", RFC 4634,
July 2006.

--<--<--

> Was any of it helpful?
> 
> Regards
> Stefan

-- 
***   Christian Knoke  *  25541 Brunsbüttel  *  http://cknoke.de   ***
...                                                                ...
   The prejudices people feel about each other disappear when they 
get to know each other.   -- Kirk, "Elaan of Troyius", stardate 4372.5
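
The transaction authentication described in the quoted slides, sketched as an added example that is not part of the original mail or of mmc-utils: a host reads one block and accepts the reply only if the HMAC-SHA-256 MAC and the echoed nonce both match. The 512-byte frame layout and the request/response codes are assumptions taken from the eMMC specification, not from this page; the key, the stored block and the `device_read` stand-in are constructed.

```python
import hashlib
import hmac
import os
import struct

# Assumed 512-byte big-endian RPMB frame (from the eMMC spec, not this page):
# stuff[196] key_mac[32] data[256] nonce[16] write_counter address
# block_count result req_resp
FRAME = struct.Struct(">196s32s256s16sIHHHH")
READ_REQ, READ_RESP = 0x0004, 0x0400  # authenticated data read codes

def frame_mac(key, frame):
    """HMAC-SHA-256 over the last 284 bytes (data .. req_resp)."""
    return hmac.new(key, frame[228:], hashlib.sha256).digest()

def host_read_request(addr):
    """Host side: a fresh random nonce goes into every read request."""
    nonce = os.urandom(16)
    return nonce, FRAME.pack(b"", b"", b"", nonce, 0, addr, 0, 0, READ_REQ)

def device_read(key, storage, request):
    """Constructed stand-in for the device: echo the nonce, MAC the reply."""
    _, _, _, nonce, _, addr, _, _, req = FRAME.unpack(request)
    if req != READ_REQ:
        raise ValueError("not an authenticated read request")
    reply = FRAME.pack(b"", b"", storage[addr], nonce, 0, addr, 1, 0, READ_RESP)
    return reply[:196] + frame_mac(key, reply) + reply[228:]

def host_verify(key, nonce, response):
    """Return the data only if MAC and nonce both check out, else None."""
    _, mac, data, r_nonce, _, _, _, result, resp = FRAME.unpack(response)
    if resp != READ_RESP or result != 0:
        return None
    if not hmac.compare_digest(mac, frame_mac(key, response)):
        return None  # modified frame or wrong key
    if not hmac.compare_digest(r_nonce, nonce):
        return None  # valid MAC, but answers an older request: replay
    return data

def demo():
    key = bytes(range(32))                        # constructed key
    storage = {0: b"secret".ljust(256, b"\0")}    # constructed block
    nonce1, req1 = host_read_request(0)
    resp1 = device_read(key, storage, req1)
    fresh = host_verify(key, nonce1, resp1)
    nonce2, _ = host_read_request(0)
    replayed = host_verify(key, nonce2, resp1)    # old reply, new request
    flipped = resp1[:228] + bytes([resp1[228] ^ 1]) + resp1[229:]
    return fresh, replayed, host_verify(key, nonce1, flipped)

if __name__ == "__main__":
    print(demo())
```

The replayed reply carries a correct MAC and is still rejected, because the MAC covers the nonce of the earlier request; this is the per-access protection the mail describes.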

