Dailydave mailing list archives

Re: CSI 2008 Redux

From: Joanna Rutkowska <joanna () invisiblethingslab com>
Date: Sun, 23 Nov 2008 16:06:40 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alexander Sotirov wrote:

On Sat, Nov 22, 2008 at 08:03:28AM -0500, Dave Aitel wrote:

And I don't understand why you need a trusted computing chip if you decide
to trust your hypervisor in the first place. Trusting the hypervisor instead
of a public key on a chip from Dell makes a lot more sense. It's more
configurable in a user-friendly way, and less configurable in a RIAA/Big
Brother friendly way.


Because with a TPM chip you can verify (remotely) that the hypervisor that
booted on the machine is really the one you trust, and not a malicious or
backdoored one.


... which, of course, doesn't prevent the hypervisor from being exploited 5 secs
after it got securely loaded, e.g. via some buffer overflow bug...

But, nevertheless, yes, this indeed is a very important feature of the TPM (and
the whole trusted boot concept, like e.g. Intel TXT), and people should
eventually stop talking that TPM is bad. It is not, and it indeed can provide
great value for users concerned about security (and not only physical security!).

I wish people who complain so much about TPM read the spec first and then make
their complaints. Of course, there could be some undocumented functionality
there (=backdoor), but this applies equally well to you network card, graphics
card, the chipset and even the processor ;)

BTW, I'm also glad to see a VMWare researcher acknowledging it :) So far, only
the Xen hypervisor can use the trusted boot mechanism via the Intel-provided
tboot component AFAIK. So, looking forward to see the ESX implementing trusted
boot at some point in time.

joanna.
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkkpcWsACgkQORdkotfEW84RXQCgocwxJ+g5A8vws1un85MG4Ic4
8y8Anid9O2faB5U9mJKG1FSDDbpoL1gU
=UnZ0
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

CSI 2008 Redux Dave Aitel (Nov 22)
- Re: CSI 2008 Redux RB (Nov 23)
  - Re: CSI 2008 Redux Matthijs Koot (Nov 26)
    - Re: CSI 2008 Redux RB (Nov 27)
    - Re: CSI 2008 Redux Bruce Ediger (Nov 27)
    - Re: CSI 2008 Redux RB (Nov 28)
- Re: CSI 2008 Redux Alexander Sotirov (Nov 23)
  - Re: CSI 2008 Redux Joanna Rutkowska (Nov 23)
    - Re: CSI 2008 Redux Alexander Sotirov (Nov 24)