On 10/10/06, Adam Back <[EMAIL PROTECTED]> wrote:
> I think the current CPUs / memory managers do not have the ring -1 / curtained memory features, but already a year ago or more Intel and AMD were talking about these features. So it's possible that, for example, the hypervisor extra virtualization functionality in recent processors ties in with those features and is already delivered? Anyone know?
Intel LaGrande Technology is supposed to ship soon and combines virtualization with TPM integration so you can load what they call a MVMM: a measured virtual machine monitor. "Measured" means the hash goes securely to the TPM so it can attest to it, and third parties can verify what VMM you are running. Then the security properties would depend on what the VMM enforces.

The MVMM runs in what you might call ring -1, while the OS running in ring 0 has only virtualized access to certain system resources like page tables. One thing the MVMM could do is to measure and attest to OS properties. Then if you patched the OS to bypass a signed-driver check, it might not work right.

One question that was raised is how these systems can be robust against OS upgrades and such. It would seem that ultimately this will require attestation to be based on a signing key rather than the code fingerprint. Rather than hashing the code it loads, the MVMM would verify that the code is signed by a certain key, and hash the key, sending that to the TPM. Then any code signed by the same key could produce the same attestation and have access to the same sealed data.

The TCG infrastructure working group is supposed to standardize what kinds of attestations will be used and what they will mean.

CP
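The following is an added illustration of the upgrade problem CP describes, not code from the thread or from any vendor's MVMM: it models a TPM PCR extend as SHA-256 chaining, compares measuring the OS by code hash against measuring it by the hash of its verified signing key, and shows which of the two lets data sealed under one OS version be unsealed after an upgrade signed by the same key. The signature scheme is a constructed HMAC stand-in (a real MVMM would verify a public-key signature) and the seal/unseal is a simplified PCR-policy check.

```python
import hashlib
import hmac
from typing import Optional, Tuple

PCR_INIT = bytes(32)  # PCRs start as all zeros at platform reset


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || measurement)."""
    return sha256(pcr + measurement)


# Constructed stand-in for the vendor's signature scheme: HMAC under the
# signer's key. Only the measurement logic below is the point of the example.
def sign(signer_key: bytes, code: bytes) -> bytes:
    return hmac.new(signer_key, code, hashlib.sha256).digest()


def verify(signer_key: bytes, code: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(signer_key, code), sig)


def measure_by_code_hash(code: bytes) -> bytes:
    """Classic measured launch: the PCR records a fingerprint of the loaded code."""
    return pcr_extend(PCR_INIT, sha256(code))


def measure_by_signer_key(code: bytes, sig: bytes, signer_key: bytes) -> Optional[bytes]:
    """Key-based attestation: verify the signature, then record H(key), not H(code)."""
    if not verify(signer_key, code, sig):
        return None  # the MVMM refuses to launch code that fails verification
    return pcr_extend(PCR_INIT, sha256(signer_key))


def seal(secret: bytes, pcr: bytes) -> Tuple[bytes, bytes]:
    """Bind a secret (up to 32 bytes) to a PCR value: the blob carries the expected PCR."""
    pad = sha256(b"seal" + pcr)
    return pcr, bytes(a ^ b for a, b in zip(secret, pad))


def unseal(blob: Tuple[bytes, bytes], current_pcr: bytes) -> Optional[bytes]:
    """Release the secret only if the platform's current PCR matches the sealed policy."""
    expected_pcr, ciphertext = blob
    if not hmac.compare_digest(expected_pcr, current_pcr):
        return None
    pad = sha256(b"seal" + current_pcr)
    return bytes(a ^ b for a, b in zip(ciphertext, pad))
```

With code-hash measurement, an OS upgrade changes the PCR and the sealed secret becomes unreachable; with key-based measurement, any image the same vendor key signs reproduces the PCR, while an image signed by another key (or with a bad signature) does not.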