March 31, 2005
17
· detection of any other condition requiring alteration of configuration
This was a design decision: always halting makes it easier to be sure that precondition checks and clean-up are applied
in a known order. POST (infrastructure) failures are treated similarly to Miniboot, halting the module after outputting a
failure status.
Reset
To resume operation, the user must cause another hardware reset. On a hardware level, the device can be reset
by:
· power-cycling the device
· triggering the designated control bit in the Bus Master Control/Status Register accessible from the PCI-X host (it
forces a module reset through the external PCI-X bridge chip).
On a software level, the IBM-supplied host-side device drivers will transparently reset the device (via the "Add-on Reset"
signal) when appropriate:
· When the user "closes" the device after opening it for Miniboot
· When the user "opens" the device for Miniboot, but the device driver detects the device is halted.
· When the user opens the device for ordinary operation, but the host-side driver determines that the device is not
already open. (In this case, the IBM-supplied host-side device drivers will transparently reset the device and also
execute MB0 Continue and MB1 Continue, to try to advance to the Program 2 code.)
Receipts
Upon successful public-key commands, Miniboot 1 provides a signed receipt (to prove to a remote officer
that the command actually took place, on an untampered card). Miniboot 1 also signs its query responses.
7.3 Inbound Authentication
Miniboot authenticates each command request individually.
For N ≥ 1, Miniboot authenticates a command from Officer N by verifying that the public-key signature on the command
came from the entity that is Officer N for that card, and was acting in that capacity when the signature was produced.
This approach enables the officers to be located somewhere other than the devices they control.
In a module configured in FIPS mode, signatures are made with 1024-bit DSA keys. Forging 1024-bit DSA signatures on
segment contents is assumed to be infeasible (NIST, "Digital Signature Standard (DSS)", FIPS 186-2).
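The per-card, per-officer check described above, modelled as an added example (not code from the IBM security policy or from Miniboot itself): the officer registry, the signed command layout and the toy DSA parameters (P=2039, Q=1019, G=4) are assumptions standing in for the module's 1024-bit DSA.

```python
import hashlib
import secrets

# Toy DSA domain (assumption, NOT the 1024-bit parameters the real module
# uses): P = 2Q + 1 is prime and G = 4 generates the order-Q subgroup mod P.
P, Q, G = 2039, 1019, 4


def keygen():
    x = secrets.randbelow(Q - 1) + 1           # private key in [1, Q-1]
    return x, pow(G, x, P)                     # (private, public)


def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def sign(x: int, msg: bytes):
    h = _digest(msg)
    while True:                                # retry if r or s is zero
        k = secrets.randbelow(Q - 1) + 1
        r = pow(G, k, P) % Q
        s = (pow(k, -1, Q) * (h + x * r)) % Q
        if r and s:
            return r, s


def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = (_digest(msg) * w) % Q, (r * w) % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r


def command_bytes(card_serial: str, officer: int, payload: bytes) -> bytes:
    # Assumed layout: the signed bytes name the card and the officer slot, so
    # the same signature does not verify as a command to another card or slot.
    return b"|".join([card_serial.encode(), str(officer).encode(), payload])


def authenticate(registry, card_serial, officer, payload, sig) -> bool:
    """Accept only if signed by the key registered as Officer N for this card."""
    if officer < 1:                  # Officer 0 is TDES-authenticated, not here
        return False
    y = registry.get(card_serial, {}).get(officer)
    if y is None:
        return False
    return verify(y, command_bytes(card_serial, officer, payload), sig)
```

Each command is checked on its own, so a key that is Officer 2 on one card confers nothing on another card, and a command for a different officer slot or an unregistered card is refused before any signature arithmetic runs.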
Miniboot authenticates Officer 0 commands (used for emergency repairs when the device is returned to the IBM factory
vault) using secret-key authentication based on TDES keys. Use of any of these commands destroys any other officer
secrets that may remain in the device. (Note that these commands are not available outside the secure manufacturing
facilities, but are sometimes mentioned for completeness.)
The module has a dedicated jumper wire to destroy secrets if a security-conscious user does not wish secrets to leave the
site when the module is serviced or repaired. Removing the jumper wire disconnects the battery path and zeroizes the
module through a hard voltage tamper (p. 28).
7.4 Outbound Authentication
At the last stage of manufacturing, Miniboot on a card generates its first keypair. IBM certifies the public key to belong
to that untampered card with that version of Miniboot. This certificate attests that the entity which knows the private key