On Fri, Feb 20, 2009 at 1:48 AM, Courtay Olivier
<Oli...@th...> wrote:
> Their are available here:
> http://theinvisiblethings.blogspot.com/2009/02/attacking-intel-txt-paper-and-slides.html
Thanks, that was interesting. They focus on breaking the SMM mode,
apparently via BIOS bugs. Just reading BIOS SMM code is actually quite
difficult, and they exploited a different BIOS bug to be able to do
that. Then they found bugs in the BIOS SMI handling code which could
allow further exploits.
The PC architecture is such a hack. One wonders sometimes if the idea
of making a PC into a "trusted computer" is just a pipe dream.
TXT is supposed to be protected against SMM via a SMM Transfer
Monitor, STM. None of these exist yet apparently. The authors point
out that there will be no guarantee that they work right, when they do
come out. I'd suggest that you could say the same thing about the
SINIT module which is at least as important. I wish Intel would
publish the source code of these modules for review.
In any case I believe the STM code is part of what gets hashed into
the PCRs on TXT launch, right? So in the future you will be able to
tell if a system has implemented an STM, which should add confidence
that the TXT mode is secure.
Hal Finney
|
