Unexplained boot sequence behaviour

I have observed something in the Dasharo/Heads boot process which I cannot explain and seems dubious to me.
Hardware: Nitropad ns70
Firmware: Dasharo Nitrokey-v2.5.0 (as per dmidecode)
USB ToKey: NK3A
Explanation: Normally, the boot sequence first runs coreboot and then enters the payload HEADS in order to check that the HOTP secret released by the TPM matches the one on the NK3. It will first check that the NK3 is inserted and is indeed the expected device, and after that validate HOTP, thus proving untampered firmware. The key will, at this point, flash green and display HOTP verification success on the screen. If you let the boot process continue automatically, it will wait 5 seconds and if there is no keystroke, proceed with signature verification before kexec into the target OS (Qubes in my case).
Observed behaviour: I usually let all this go uninterrupted and proceed with default boot automatically - BUT the other day I inadvertently unplugged the NK3 just after HOTP verification while still in the 5 seconds delay. I thought I would get an alert, since I had removed the Key much too early, before the /boot partition validation; and to my great surprise, the process continued without the key inserted and completed the boot as usual…
This really puzzled me, so I replicated the sequence several times, confirming this odd behaviour that in fact the NK3 does not need to be there in order to verify signatures and binaries/files inside the /boot partition. This is very strange and unexplainable: the signature, hashes and anti-rollback data can only be verified if the gpg smartcard is accessible, right? How could any gpg operation succeed if there is no smartcard plugged in? Or are the required gpg keys stored in memory at this point (which would be disastrous)?
I can only conclude - having no other logical explanation - that no verification really occurs and that all the text being displayed is only a spoof to reassure cautious users…

At least with older Nitropads (don’t own latest models): The public keys are imported in heads and you need the Nitrokey private key to sign changed boot files. When you have attached the Nitrokey during boot, it gives you an additional visible cue whether something is wonky or that someone might have tampered with the keys in heads by calculating the HOTP. TOTP could be an alternative and it is advisable to additionally verify this, but it is not a requirement.

One can even boot without verification at all. Only sealed keys in the TPM might not be available as the PCR values might be different.

The protection of the system is Heads in combination with LUKS encrypted OS. It can be unsealed if the signatures can be verified (that changes the PCR registers based on the text printed on stdout); a TPM may release the key for LUKS. You could also use the Nitrokey for LUKS or a regular password. After heads, the boot process can be customized as it is a regular Linux boot.

If you have to enter your passwords (LUKS or later OS), you should verify first that the boot process has not been tampered with.
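
A simplified model of the HOTP step discussed in this thread, added here as an illustration; it is not part of either post and is not Heads or Nitrokey code. The firmware side derives an RFC 4226 code from whatever secret the TPM released, and the token checks it against its own copy. The `Token` class, `firmware_boot` function and look-ahead window are hypothetical, and the secret is the RFC 4226 test value.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Token:
    """Hypothetical stand-in for the USB key: own copy of the secret plus a counter."""

    def __init__(self, secret: bytes, counter: int = 0, window: int = 3):
        self._secret = secret
        self.counter = counter
        self.window = window  # assumed look-ahead to tolerate skipped counters

    def verify(self, code: str) -> bool:
        # Accept only codes at or ahead of the stored counter, so old codes cannot be replayed.
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self._secret, c), code):
                self.counter = c + 1
                return True
        return False  # counter unchanged on failure


def firmware_boot(released_secret: bytes, counter: int, token: Token) -> bool:
    """Firmware side: compute the code from the TPM-released secret, ask the token to check it."""
    return token.verify(hotp(released_secret, counter))


SECRET = b"12345678901234567890"  # constructed sample: the RFC 4226 test secret

if __name__ == "__main__":
    key = Token(SECRET)
    print("good firmware:", firmware_boot(SECRET, 0, key))
    print("replayed code:", firmware_boot(SECRET, 0, key))
    print("wrong secret :", firmware_boot(b"different-measurements", 1, key))
```

In this model the token takes part only in the single `verify` call; nothing after that call refers to it.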