Dailydave mailing list archives

Re: CSI 2008 Redux
From: Joanna Rutkowska <joanna () invisiblethingslab com>
Date: Sun, 23 Nov 2008 16:06:40 +0100


Alexander Sotirov wrote:
> On Sat, Nov 22, 2008 at 08:03:28AM -0500, Dave Aitel wrote:
>> And I don't understand why you need a trusted computing chip if you decide
>> to trust your hypervisor in the first place. Trusting the hypervisor instead
>> of a public key on a chip from Dell makes a lot more sense. It's more
>> configurable in a user-friendly way, and less configurable in a RIAA/Big
>> Brother friendly way.
>
> Because with a TPM chip you can verify (remotely) that the hypervisor that
> booted on the machine is really the one you trust, and not a malicious or
> backdoored one.

... which, of course, doesn't prevent the hypervisor from being exploited 5 secs
after it got securely loaded, e.g. via some buffer overflow bug...

But, nevertheless, yes, this indeed is a very important feature of the TPM (and
the whole trusted boot concept, like e.g. Intel TXT), and people should
eventually stop saying that TPM is bad. It is not, and it indeed can provide
great value for users concerned about security (and not only physical security!).

I wish people who complain so much about TPM would read the spec first and then make
their complaints. Of course, there could be some undocumented functionality
there (=backdoor), but this applies equally well to your network card, graphics
card, the chipset and even the processor ;)

BTW, I'm also glad to see a VMWare researcher acknowledging it :) So far, only
the Xen hypervisor can use the trusted boot mechanism via the Intel-provided
tboot component AFAIK. So, looking forward to seeing ESX implement trusted
boot at some point in time.

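The two points made in this exchange, that a TPM lets a remote party check which hypervisor was launched, and that this says nothing about what happened to the hypervisor after launch, come down to how PCR extension works. The simulation below is an added example, not code from the thread or from any TPM, tboot or Xen implementation. It models TPM 1.2 semantics (20-byte SHA-1 PCRs, extend = SHA1(old || SHA1(measurement))) and stands in an HMAC for the AIK signature of a real TPM_Quote so that it runs without an RSA library; the component images, attestation key and nonces are constructed sample values.

```python
import hashlib
import hmac
from typing import List

# Constructed sample "boot images"; stand-ins for a firmware blob and a hypervisor.
FIRMWARE = b"firmware image (constructed sample)"
GOOD_HYPERVISOR = b"hypervisor v1 (constructed sample)"
BACKDOORED_HYPERVISOR = b"hypervisor v1 (constructed sample) + extra code"

PCR_SIZE = 20  # TPM 1.2 PCRs hold a 20-byte SHA-1 digest


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend operation: PCR_new = SHA1(PCR_old || SHA1(measurement)).
    The chain is one-way, so a PCR value can only be reached by extending the
    same measurements in the same order."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def measured_boot(components: List[bytes]) -> bytes:
    """Measure every launch component into a PCR that starts at all zeros."""
    pcr = bytes(PCR_SIZE)
    for image in components:
        pcr = extend(pcr, image)
    return pcr


def tpm_quote(pcr: bytes, nonce: bytes, attestation_key: bytes) -> bytes:
    """Stand-in for TPM_Quote: binds the PCR value to a verifier-chosen nonce.
    A real TPM signs this with its Attestation Identity Key; an HMAC keyed with
    a constructed secret plays that role here (assumption for the example)."""
    return hmac.new(attestation_key, nonce + pcr, hashlib.sha256).digest()


def verify_quote(reference_pcr: bytes, reported: bytes, nonce: bytes,
                 attestation_key: bytes) -> bool:
    """Verifier side: recompute the quote from the golden PCR value that the
    known-good images should produce, and compare in constant time."""
    expected = tpm_quote(reference_pcr, nonce, attestation_key)
    return hmac.compare_digest(expected, reported)


class Machine:
    """Toy platform: launch measures the images, then the hypervisor runs from
    memory. Runtime memory is never measured again, which is the caveat."""

    def __init__(self, firmware: bytes, hypervisor: bytes, attestation_key: bytes):
        self.pcr = measured_boot([firmware, hypervisor])
        self.memory = bytearray(hypervisor)   # running hypervisor code
        self._ak = attestation_key

    def attest(self, nonce: bytes) -> bytes:
        return tpm_quote(self.pcr, nonce, self._ak)

    def runtime_corrupt(self, payload: bytes) -> None:
        """Simulated post-launch memory bug: changes running code, not the PCR."""
        self.memory[:len(payload)] = payload


def demo() -> dict:
    """Run the three scenarios from the thread and return the verifier's verdicts."""
    ak = b"constructed attestation key"          # constructed, per-TPM secret
    reference = measured_boot([FIRMWARE, GOOD_HYPERVISOR])  # verifier's golden value

    good = Machine(FIRMWARE, GOOD_HYPERVISOR, ak)
    bad = Machine(FIRMWARE, BACKDOORED_HYPERVISOR, ak)
    n1, n2 = b"nonce-0001", b"nonce-0002"        # constructed verifier nonces

    results = {
        "good_hypervisor_passes": verify_quote(reference, good.attest(n1), n1, ak),
        "backdoored_hypervisor_fails": not verify_quote(reference, bad.attest(n1), n1, ak),
        "replayed_quote_fails": not verify_quote(reference, good.attest(n1), n2, ak),
    }
    good.runtime_corrupt(b"simulated corruption")
    # Launch-time measurement cannot see a change made after launch.
    results["post_launch_corruption_still_passes"] = verify_quote(
        reference, good.attest(n2), n2, ak)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The last verdict is the "5 secs after it got securely loaded" problem stated above: the quote is a statement about what was measured at launch, so a runtime compromise that never re-enters the measurement path is invisible to the verifier. It is also why attestation is useful against the swapped or backdoored image case (second verdict) and why the nonce matters (third verdict), but is not a substitute for keeping the hypervisor itself free of memory-safety bugs.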

Dailydave mailing list
Dailydave () lists immunitysec com
