Menu
▾
▴
Re: [tboot-devel] Attack on tboot/TXT to be revealed
|
From: Jonathan M. M. <jon...@cm...> - 2009-01-06 13:13:59
|
I wonder if this is related to the TPM driver bug recently posted to the tpmdd-devel list: *** snip *** Please correct me if I am wrong, but this bug DOES mean we are basically doing: if (random memory contents) (random memory contents)(foo); at suspend and resume, isn't it? *** snip *** -Jon Hal Finney wrote: > Ran across this blog posting reporting an attack on the security of > tboot and/or TXT: > > http://theinvisiblethings.blogspot.com/2009/01/attacking-intel-trusted-execution.html > > see also: > > http://invisiblethingslab.com/press/itl-press-2009-01.pdf > > >From the documents: > > "Our attack comprises two stages. The first stage requires an > implementation flaw in a specific system software. The second stage of > the attack is possible thanks to a certain design decision made in the > current TXT release. > > "While evaluating the effectiveness of the Intel(R) TXT technology, as > part of a work done for a customer, we have identified several > implementation flaws in the Intel's system software, which allowed to > conduct the above mentioned stage-one attack. We have provided Intel > with extensive description of the flaws in December 2008, and Intel is > currently working on fixing those vulnerabilities. > > "We have also been in touch with Intel about the possibility of > conducting the second-stage attack since November 2008. In December, > after providing Intel with the details about the first-stage attack, > Intel promised to release, in the coming weeks, an updated TXT > specification for developers that would explain how to design their > TXT-based loaders in such a way that they are immune to our attack. > Intel claims the current Intel(R) TXT release does contain the basic > building blocks that could be used to prevent our second-stage attack > and the release of the additional specification would make it feasible > in practice." > > More details are to be announced at the Black Hat conference in > February, in Washington DC. > > It will be interesting to learn more about this attack scenario over > the next few weeks. Hopefully Intel will be able to release > information to help assure developers that the security potential of > TXT is fully realized. It has sometimes been unclear to me whether > tboot claims to provide full TXT security or is still considered a > work in progress, with known weaknesses which are intended to be > addressed in future versions. > > Hal Finney > > ------------------------------------------------------------------------------ > _______________________________________________ > tboot-devel mailing list > tbo...@li... > https://lists.sourceforge.net/lists/listinfo/tboot-devel > > |
