Dailydave mailing list archives
Re: CSI 2008 Redux
From: Joanna Rutkowska <joanna () invisiblethingslab com>
Date: Sun, 23 Nov 2008 16:06:40 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alexander Sotirov wrote:
On Sat, Nov 22, 2008 at 08:03:28AM -0500, Dave Aitel wrote:And I don't understand why you need a trusted computing chip if you decide to trust your hypervisor in the first place. Trusting the hypervisor instead of a public key on a chip from Dell makes a lot more sense. It's more configurable in a user-friendly way, and less configurable in a RIAA/Big Brother friendly way.Because with a TPM chip you can verify (remotely) that the hypervisor that booted on the machine is really the one you trust, and not a malicious or backdoored one.
... which, of course, doesn't prevent the hypervisor from being exploited 5 secs after it got securely loaded, e.g. via some buffer overflow bug... But, nevertheless, yes, this indeed is a very important feature of the TPM (and the whole trusted boot concept, like e.g. Intel TXT), and people should eventually stop talking that TPM is bad. It is not, and it indeed can provide great value for users concerned about security (and not only physical security!). I wish people who complain so much about TPM read the spec first and then make their complaints. Of course, there could be some undocumented functionality there (=backdoor), but this applies equally well to you network card, graphics card, the chipset and even the processor ;) BTW, I'm also glad to see a VMWare researcher acknowledging it :) So far, only the Xen hypervisor can use the trusted boot mechanism via the Intel-provided tboot component AFAIK. So, looking forward to see the ESX implementing trusted boot at some point in time. joanna. -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkpcWsACgkQORdkotfEW84RXQCgocwxJ+g5A8vws1un85MG4Ic4 8y8Anid9O2faB5U9mJKG1FSDDbpoL1gU =UnZ0 -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- CSI 2008 Redux Dave Aitel (Nov 22)
- Re: CSI 2008 Redux RB (Nov 23)
- Re: CSI 2008 Redux Matthijs Koot (Nov 26)
- Re: CSI 2008 Redux RB (Nov 27)
- Re: CSI 2008 Redux Bruce Ediger (Nov 27)
- Re: CSI 2008 Redux RB (Nov 28)
- Re: CSI 2008 Redux Matthijs Koot (Nov 26)
- Re: CSI 2008 Redux RB (Nov 23)
- Re: CSI 2008 Redux Joanna Rutkowska (Nov 23)
- Re: CSI 2008 Redux Alexander Sotirov (Nov 24)