From: Courtay O. <Oli...@th...> - 2009-02-20 09:48:28
|
Their are available here: http://theinvisiblethings.blogspot.com/2009/02/attacking-intel-txt-paper-and-slides.html Olivier |
From: Hal F. <hal...@gm...> - 2009-02-21 00:09:41
|
On Fri, Feb 20, 2009 at 1:48 AM, Courtay Olivier <Oli...@th...> wrote: > Their are available here: > http://theinvisiblethings.blogspot.com/2009/02/attacking-intel-txt-paper-and-slides.html Thanks, that was interesting. They focus on breaking the SMM mode, apparently via BIOS bugs. Just reading BIOS SMM code is actually quite difficult, and they exploited a different BIOS bug to be able to do that. Then they found bugs in the BIOS SMI handling code which could allow further exploits. The PC architecture is such a hack. One wonders sometimes if the idea of making a PC into a "trusted computer" is just a pipe dream. TXT is supposed to be protected against SMM via a SMM Transfer Monitor, STM. None of these exist yet apparently. The authors point out that there will be no guarantee that they work right, when they do come out. I'd suggest that you could say the same thing about the SINIT module which is at least as important. I wish Intel would publish the source code of these modules for review. In any case I believe the STM code is part of what gets hashed into the PCRs on TXT launch, right? So in the future you will be able to tell if a system has implemented an STM, which should add confidence that the TXT mode is secure. Hal Finney |