From: Hal F. <hal...@gm...> - 2008-07-16 17:45:01
In the VMM space there has long been competition from the microkernel camp, exemplified by L4. Microkernels have some advantages and some disadvantages compared to VMMs, but they are an alternative that might be considered for Tboot-style trusted computing. There is a cool L4 demo of a secure window manager that takes only 1500 lines of code in the TCB, called Nitpicker. The paper is here, http://os.inf.tu-dresden.de/papers_ps/feske-nitpicker.pdf , and you can download a demo CD with that and some other projects from http://demo.tudos.org/ . Nitpicker allows multiple OSes to be running, each putting up windows on the screen. One OS is in the front and its windows are shown differently from the others. I believe it does succeed in keeping each OS's window contents secret from the others.

The big weakness IMO in these TC concepts is the size of the Trusted Computing Base. The bigger the TCB, the more likely it is buggy, and that the foundation of your security is weak. Something like this approach seems to give a large bang for the buck in terms of keeping TCB size down.

I'm not sure exactly what they're for, but the TPM chip has one or more General Purpose I/O pins which can be read/written by software. Presently the TPM specs define the use of one of these pins, from the PC Client Implementation for BIOS Specification, https://www.trustedcomputinggroup.org/specs/PCClient/TCG_PCClientImplementationforBIOS_1-20_1-00.pdf :

"Currently the only defined usage of the GPIO is for use by the GPIO-Express-00 pin, which allows software to control an enabling of a feature of PCI Express using the TCS_EN pin of the PCI Express Root Complex per the PCI Express Trusted Configuration Space ECR. This enabling is not always required by the platform's specific architecture and design, but if this signal is required, it must be implemented as described in this section.

The PC Client TPM Interface Specification maps the value of the least significant bit of TPM_NV_INDEX_GPIO_00 data to the GPIO-Express-00 pin. This bit will be called the GPIO-Express-00 bit for documentation purposes."

I'm not clear on what all this means, but apparently this I/O pin is mapped into some feature of the PCI bus, something called the Trusted Configuration Space. I don't know if the PCI specs would shed significant light on what this can be used for.

Hal Finney