[RFC] mtd: ubi: UBI Encryption

[Michal Suchanek]

Hello,

On 12 August 2015 at 19:19, David Gstir <david at sigma-star.at> wrote:
> Hi!
>

>> - Encryption in UBI was preferred as it removed the complexity from userspace,
>>   though I suppose there is no reason why this can't be done within the MTD
>>   layer rather than in UBI and thus benefit all MTD users.
>
> Generally speaking, I'd argue for moving encryption to the highest layer possible. So, if you exclusively use UBIFS and need encryption, add it to UBIFS or even your userspace application.
> The main reason for this is that disk encryption on lower layers (e.g block-level) has fewer security guarantees, like no authentication of encrypted data for example. So it cannot prevent "evil maid" attacks.
> There is a nice writeup on this topic here: [2], which focuses on the commonly used XTS mode, but makes valid points for disk encryption in general.
>
> So, when you do encryption in UBI or MTD, be aware of the security implications and know your thread model.
>
> [2] http://sockpuppet.org/blog/2014/04/30/you-dont-want-xts/

Thanks for the pointers.

Obviously, full disk encryption is not ideal but it's also last resort
in the sense that you can cut & paste state of the art solution and it
works on any kind of disk with minimum requirements on the implementor
and reviewer.

>From the notes about internal and external flash it seems that this is
upposed to protect against removing an external flash memory which is
attached to a device. This is probably a decent solution for the
problem. Knowing more details would help here.

Adding encryption to UBIFS itself is much more difficult.

Adding encryption to every application is not really feasible unless
you have a single-purpose device with one application.

Thanks

Michal