PCIe Security eLearning Course
Instructor(s): Paul Devriendt
Number of Modules: 51
Subscription Length: 90 days
Course Price: $995.00
PCIe Security eLearning Course Info
What's Included?
- PCIe Security eLearning modules (unlimited access for 90 days)
- PDF of Course Slides (yours to keep, does not expire)
Benefits of eLearning:
- Cost Effective - Get the same information delivered in a live MindShare class at a fraction of the cost
- Available 24/7 - MindShare eLearning courses are available when and where you need them
- Learn at Your Pace - MindShare eLearning courses are self-paced, so you can proceed when you're ready
- Access to the Instructor - Ask questions of the MindShare instructor who taught the course
You Will Learn:
- Threat models.
- STRIDE categories (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege).
- System and PCIe overview, highlighting the areas we will discuss with respect to attacks.
- DMA attacks.
- Using the IOMMU to prevent DMA attacks, and the potential security holes with an IOMMU.
- Other DMA attack mitigations such as encrypted memory.
- Interrupt attacks.
- Using Interrupt Remapping to prevent interrupt attacks, and the security holes with interrupt remapping.
- The idea of mutable versus immutable, and why everything needs to be treated as mutable.
- Error reporting attacks.
- Switch attacks.
- The enhancements to the PCIe fabric and to manageability (CMA/SPDM/IDE).
- The boundaries of the protection from the enhancements, and possible paths to attacking such a secured system.
Who Should View?
This course is hardware-oriented, but is suitable for both hardware and software engineers. The course is ideal for RTL-, chip-, system- or system board-level design engineers who need a broad understanding of security issues in a computer platform and IDE engine. Software engineers will benefit from an in-depth understanding of IOMMU and interrupt setup and configuration to prevent DMA and interrupt attacks. The course is also suitable for validation engineers.
Course Outline:
- Module 1: Outline
  - Goes through MindShare offerings and then walks through the course outline
- Module 2: Introduction
  - Describes the evolution of security issues and then introduces the features added to PCIe to help
- Module 3: Background and History of IO
  - Defines concepts of Programmed IO (PIO) and Direct Memory Access (DMA) and related threats; how IOMMU (SMMU) can help some issues
- Modules 4a-4b: PCIe Review
  - Provides a quick overview of the PCIe architecture including packet structure in Non-Flit Mode (NFM)
- Module 5: The IOMMU
  - Introduces the IOMMU and how it can be used to help with some security threats; mentions some vulnerabilities with IOMMUs
- Modules 6a-6b: The IOMMU and PCIe ATS (Address Translation Services)
  - Describes what ATS is in PCIe and how it interacts with the IOMMU (Translation Agent); provides a short description of Page Request Services in PCIe as well
- Module 7: PCIe ACS (Access Control Services)
  - Summarizes the features and purpose of ACS in PCIe and how they can be used for added security
- Module 8: Interrupts - Another Opening
  - Describes interrupt delivery using MSI on x86 and ARM platforms; walks through several successful attacks on x86 systems in this area and how Interrupt Remapping can help
- Modules 9a-9b: Threats and Threat Models
  - Introduces threat modeling and STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege)
- Modules 10a-10b: Intro to Encryption, Keys and Certificates
  - Provides a tutorial approach to how encryption keys work (public / private keys), describes side channel attacks, defines a nonce and the benefits of using one
- Modules 11a-11b: Using Encryption for Measurement and Authentication
  - Defines the terms Measurement and Authentication, Cryptographic Hash Functions (CHF), SHA-1 and SHA-2, digital signatures, encryption vs signing, certificate authorities (CAs), private CAs, digital certificates, certificate types and certificate chains, certificate expiry, certificate digest
- Module 12: X.509 Certificates and Public Key Infrastructure
  - Describes certificate layout / format, ASN.1, X.509 certificate contents, object identifiers (OID)
- Module 13: Introducing Alice and Bob
  - Describes the typical Alice and Bob security example being applied to a PCIe system
- Modules 14a-14b: Diffie-Hellman-Merkle Key Exchange
  - Walks through this key exchange process and some of the math behind it; also why it's needed
- Modules 15a-15b: AES and AES-GCM
  - Introduces AES and then walks through how it gets applied to PCIe; discusses reordering and replay attacks on PCIe
- Module 16: TCG (Trusted Computing Group)
  - Introduces the TCG, a Trusted Platform Module (TPM) and the root of trust
- Module 17: PCI-SIG and DMTF Security Enhancements
  - Discusses the specifications from the DMTF and what parts are implemented by PCIe, the role of the BMC/SMC, securing a link, encryption keys, trusting the components
- Modules 18a-18b: PCIe IDE (Integrity and Data Encryption)
  - Provides a great introduction to IDE with PCIe, Link IDE vs Selective IDE, mixing the two in a system / path, retimers impact, multicast, link security and threat models
- Modules 19a-19c: PCIe IDE - TLP Details
  - Goes through the details of a TLP and protection with a Link IDE Stream as well as a Selective IDE Stream, Message Authentication Code (MAC), dynamic key changes, Trusted Execution Environment (TEE), related counters, IDE transmission and overhead, TLP aggregation, necessary padding, tolerance for interrupts
- Module 20: PCIe IDE - More Details
  - IDE Fail Message, ECRC and PCRC, TLP byte ordering with aggregation / PCRC, receipt of bad TLP with bad ECRC vs bad PCRC, poisoned TLPs, selective IDE restrictions
- Module 21: PCIe IDE - Streams, Sub-streams and Ordering
  - Ordering importance, initialization vector (IV), ordering rules, sub-stream identifiers and enforcement
- Modules 22a-22b: PCIe IDE - Config Space
  - Walks through the IDE Extended Capability Structure
- Module 23: PCIe IDE - Review
  - What else is needed; more on I and T from STRIDE
- Modules 24a-24e: SPDM (Security Protocol and Data Model)
  - SPDM spec versions, weakness of negotiations, SPDM goals, authentication mechanisms, provisioning of keys, PSK, certificate slots, certificate model 1 - Device Certificate, certificate model 2 - Alias Certificate, messages and conversations, SPDM requester / responder, SPDM message format, Messaging Flow: VCA, Mutual Authentication, multiple key exchange examples including a pre-shared key, mutable and immutable elements
- Module 25: CMA (Component Measurement and Authentication)
  - Defines which PCIe components need to be measured / authenticated, algorithms supported, cryptographic timeout (CT), multi-function devices
- Modules 26a-26b: IDE_KM (IDE Key Management)
  - Provides potential key distribution mechanisms, what is IDE_KM, secure session, live key changing, SPDM Vendor Defined Messages and the contents of the payload section
- Module 27: DOE (Data Object Exchange)
  - Defines PCIe DOE and the alternatives available, standardization, walks through DOE Extended Capability Structure, Data Object format, DOE discovery protocol example, timing requirements
- Module 28: MCTP (Management Component Transport Protocol)
  - Provides an overview of MCTP, binding impacts, Endpoint IDs, MCTP message types, packet structure 1, 2 and 3, dropping packets, SPDM over MCTP binding, encapsulation
- Module 29: MCTP Over PCIe VDMs (Vendor Defined Messages)
  - Walks through the format of MCTP info held in PCIe VDMs
- Module 30: MCTP Over SMBus
  - Walks through the format of MCTP info on SMBus
- Modules 31a-31b: PCIe 6.0 and Security
  - Introduces Flit Mode in PCIe 6.0 then walks through IDE of TLPs held in Flits
- Module 32: PCIe 6.0 Partial Header Encryption
  - Discusses the new feature of encrypting portions of the TLP headers added in PCIe 6.0
- Module 33: PCIe 6.0 Segments
  - Introduces the idea of segments in PCIe and how that impacts IDE
- Module 34: Summary - Putting it all Together
  - Summary of this info and what to be mindful of moving forward in setting security policies for a system
Course Modules

| Module | Length |
| --- | --- |
| Module 1 - Outline | 5 minutes |
| Module 2 - Introduction | 22 minutes |
| Module 3 - Background and History of IO | 8 minutes |
| Module 4a - PCIe Review | 29 minutes |
| Module 4b - PCIe Review | 21 minutes |
| Module 5 - The IOMMU | 23 minutes |
| Module 6a - The IOMMU and PCIe ATS (Address Translation Services) | 11 minutes |
| Module 6b - The IOMMU and PCIe ATS (Address Translation Services) | 24 minutes |
| Module 7 - PCIe ACS (Access Control Services) | 26 minutes |
| Module 8 - Interrupts - Another Opening | 24 minutes |
| Module 9a - Threats and Threat Models | 19 minutes |
| Module 9b - Threats and Threat Models | 21 minutes |
| Module 10a - Intro to Encryption, Keys and Certificates | 36 minutes |
| Module 10b - Intro to Encryption, Keys and Certificates | 26 minutes |
| Module 11a - Using Encryption for Measurement and Authentication | 23 minutes |
| Module 11b - Using Encryption for Measurement and Authentication | 29 minutes |
| Module 12 - X.509 Certificates and Public Key Infrastructure | 16 minutes |
| Module 13 - Introducing Alice and Bob | 11 minutes |
| Module 14a - Diffie-Hellman-Merkle Key Exchange | 9 minutes |
| Module 14b - Diffie-Hellman-Merkle Key Exchange | 18 minutes |
| Module 15a - AES and AES-GCM | 17 minutes |
| Module 15b - AES and AES-GCM | 21 minutes |
| Module 16 - TCG (Trusted Computing Group) | 9 minutes |
| Module 17 - PCI-SIG and DMTF Security Enhancements | 23 minutes |
| Module 18a - PCIe IDE (Integrity and Data Encryption) | 20 minutes |
| Module 18b - PCIe IDE (Integrity and Data Encryption) | 21 minutes |
| Module 19a - PCIe IDE - TLP Details | 21 minutes |
| Module 19b - PCIe IDE - TLP Details | 20 minutes |
| Module 19c - PCIe IDE - TLP Details | 16 minutes |
| Module 20 - PCIe IDE - More Details | 14 minutes |
| Module 21 - PCIe IDE - Streams, Sub-streams and Ordering | 13 minutes |
| Module 22a - PCIe IDE - Config Space | 17 minutes |
| Module 22b - PCIe IDE - Config Space | 13 minutes |
| Module 23 - PCIe IDE - Review | 11 minutes |
| Module 24a - SPDM (Security Protocol and Data Model) | 35 minutes |
| Module 24b - SPDM (Security Protocol and Data Model) | 20 minutes |
| Module 24c - SPDM (Security Protocol and Data Model) | 19 minutes |
| Module 24d - SPDM (Security Protocol and Data Model) | 16 minutes |
| Module 24e - SPDM (Security Protocol and Data Model) | 25 minutes |
| Module 25 - CMA (Component Measurement and Authentication) | 11 minutes |
| Module 26a - IDE_KM (IDE Key Management) | 24 minutes |
| Module 26b - IDE_KM (IDE Key Management) | 14 minutes |
| Module 27 - DOE (Data Object Exchange) | 20 minutes |
| Module 28 - MCTP (Management Component Transport Protocol) | 28 minutes |
| Module 29 - MCTP Over PCIe VDMs (Vendor Defined Messages) | 13 minutes |
| Module 30 - MCTP Over SMBus | 17 minutes |
| Module 31a - PCIe 6.0 and Security | 24 minutes |
| Module 31b - PCIe 6.0 and Security | 18 minutes |
| Module 32 - PCIe 6.0 Partial Header Encryption | 9 minutes |
| Module 33 - PCIe 6.0 Segments | 10 minutes |
| Module 34 - Summary - Putting it all Together | 7 minutes |