Is it possible to modify the firmware (HSM, not STM) of the HSM2?
As far as I understand, the hardware of the OpenPGP Card v2 is comparable to
a microcontroller with basic protection against reading the memory from outside,
but most likely, sensitive keys are not protected against advanced attacks
that are based on chemicals and lasers etc. - in contrast to the JavaCard module inside the
Nitrokey HSM2 or debit/credit smartcards, ePassports etc.
In order to really increase security by using an external crypto device like the nitrokey, it is necessary
to specify constraints on the operations that are running inside the secure crypto module.
For example, think of an encrypted hard disk of either a laptop or a shared storage system.
At some point, it is required to release the key from either the human memory of the user or a
Nitrokey-like system to the laptop - the only alternative is to use a (very expensive) system that
is able to perform all the encryption/decryption of data completely inside a secure module at an acceptable speed.
As soon as the key is written to the memory of the laptop, the security of the encryption depends on the
laptop’s integrity, which requires approaches like TPM of the Nitropad, but even then, any vulnerability of the OS’s kernel may leak the key to malware on the system, revealing the complete data to an attacker.
If the secure hardware module inside the Nitrokey HSM2 offered pubkey authentication for decryption, a single master key could be used to encrypt a large amount of subkeys, each used for only a small part of the disk. The master key itself would never leave the HSM and would only be used for decryption of those keys that are needed. Decrypting keys by the HSM requires a valid certificate of the
user that has to be renewed frequently and is only valid for a specified amount of keys to decrypt.
In order to implement this, one would have to add some functionality to the HSM, namely configuring a condition on a key that has to be satisfied by another operation (cert verification) before the key is unlocked for the requested operation (decryption).
This could be applied to many other use cases that benefit from access control of keys.
Do you have access to the firmware of the secure hardware module at all?
Is it open source/possible to customize it?
Thanks in advance
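To make the proposed key-release policy concrete, here is an added, constructed model of it (not Nitrokey firmware or any real HSM API): a master key that never leaves the module wraps per-region sub-keys, and a sub-key is only unwrapped while a certificate that verifies against the module's trust anchor is loaded, unexpired, and still has decrypt quota left. The certificate format, the `issue_certificate` helper and the HMAC-based wrap cipher are assumptions standing in for a real certificate verification and AES key wrap.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # Constructed stand-in for a real key-wrap cipher: HMAC-SHA256 in counter mode
    out = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range((n + 31) // 32))
    return out[:n]

def issue_certificate(ca_key, expiry, quota):
    # Hypothetical issuer format: b"expiry|quota|hextag", tag = HMAC(ca_key, b"expiry|quota")
    body = b"%d|%d" % (expiry, quota)
    return body + b"|" + hmac.new(ca_key, body, hashlib.sha256).hexdigest().encode()

class PolicyHsm:
    """Model of the secure module: the master key never leaves, unwrap is certificate-gated."""
    def __init__(self, ca_key):
        self._master = os.urandom(32)   # generated inside, never exported
        self._ca_key = ca_key           # trust anchor for user certificates
        self._expiry = 0                # validity end of the loaded certificate (unix seconds)
        self._remaining = 0             # unwrap operations still allowed under it

    def wrap(self, subkey):
        # Encrypt a per-region sub-key under the master key: blob = nonce | ct | tag
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(subkey, _keystream(self._master, nonce, len(subkey))))
        return nonce + ct + hmac.new(self._master, nonce + ct, hashlib.sha256).digest()[:16]

    def present_certificate(self, cert, now):
        # Verify the certificate; on success load its expiry and decrypt quota
        body, tag_hex = cert.rsplit(b"|", 1)
        expect = hmac.new(self._ca_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, bytes.fromhex(tag_hex.decode())):
            raise PermissionError("certificate signature invalid")
        expiry, quota = (int(x) for x in body.split(b"|"))
        if now > expiry:
            raise PermissionError("certificate expired")
        self._expiry, self._remaining = expiry, quota

    def unwrap(self, blob, now):
        # Release a sub-key only while a valid certificate with quota left is loaded
        if now > self._expiry or self._remaining <= 0:
            raise PermissionError("no valid certificate or quota exhausted")
        nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
        if not hmac.compare_digest(hmac.new(self._master, nonce + ct, hashlib.sha256).digest()[:16], tag):
            raise ValueError("wrapped key corrupted")
        self._remaining -= 1            # count only successful releases
        return bytes(a ^ b for a, b in zip(ct, _keystream(self._master, nonce, len(ct))))
```

The wrapped blobs can live on the untrusted host, since without the module's master key and a fresh certificate they yield nothing; a renewed certificate re-arms the quota.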