Re: [tboot-devel] Attack on tboot/TXT to be revealed

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

> From: Hal Finney [mailto:hal...@gm...]
> Sent: Tuesday, January 06, 2009 7:26 PM
>
> There is one aspect of tboot security which I always wondered about.
> Maybe someone could reassure me that it is OK.
>
> Shouldn't the MLE check to see that the page tables are/were set up
> correctly? It seems that TXT envisions that the MLE will turn on
> paging, but I don't think tboot does so, it stays in physical memory
> mode. However, TXT measures the MLE via the page tables. My concern is
> whether a malicious tboot could move pages 2-n of the MLE up one page,
> insert malicious code in the 2nd physical page, and set up the page
> tables to skip the page with the malicious code. Then TXT, following
> the page tables, would measure the same hash value as unmodified
> tboot, but when the code executed and crossed over from the 1st page
> into the 2nd page, it would start executing malicious code.
>
> To prevent this, the MLE should check, within page 1, that the page
> table used for measurement matches what it was supposed to be. I'm not
> certain, but I don't think there is such a check in tboot. Is this an
> issue?

This has been on my todo list for a while now but I haven't gotten to it yet (it *is* covered in the MLE Developers Manual, however).  Now that I just finished a few patches (and one more to come that requires Xen support), I should be able to knock this out pretty soon.

Joe