On Oct 22, 2013, at 9:50 PM, John Ioannidis wrote:
> And to add another, there was a presentation on ARM TrustZone, the OS
> inside your CPU, that seems so designed for backdoors that ARM
> actually gives tips for running TrustZone invisible to the normal OS.
> https://www.hackinparis.com/sites/hackinparis.com/files/Slidesthomasroth.pdf
>
>
> TrustZone sounds like Palladium from 15 or so years ago. Have we learned *nothing*?
Actually, there is a difference: Palladium had remote attestation built in -
it was a selling point. People concentrated on that as the "bad" part, and thought
the rest could actually be useful. The reference designs let you do whatever
you wanted with your own device - you have full access to the trusted elements,
could sign your own boot loader if you wanted. Of course, someone providing
DRM'ed material could refuse to talk to your system if it didn't attest to
running "acceptable" code.
The new technologies don't build remote attestation in, so they avoid the whole
debate. And the base technologies are neutral on the issue of whether you can
write your own trusted code. It's the specific implementations that block you
from changing the keys, the bootloader, any of the code running in the secure
element, etc.
The net effect is similar. Nothing keeps a system builder from including
remote attestation, but because of the nature of the devices, who is doing the
controlling (the cell service providers), and the much higher level of
integration of the components (making it harder to pull pieces out of the
controlled environment) it really doesn't much matter: If you're successfully
talking to the cell network at all, they assume you have "approved" hardware.
(Should people start building their own cell hardware from the ground up -
certainly possible if you don't care about how practical the device is as a
*cell phone*, but extremely difficult if you want something practical - they
could always add remote attestation, or some simplified variant that's good
enough for the cell provider's purposes, later.)
Palladium was subject to political attack because it was open about what it
could do for DRM suppliers. The new technologies are harder to attack this way
because the responsibility is diffused, and the good and the bad are very
thoroughly mixed together. The availability of secure modes in the hardware
can be explained as necessary to allow for safe operation in an unsafe world,
and in and of themselves harmless - just a safer extension of user space/kernel
space isolation. The system builders build things to keep the systems safe
from malware, a known and growing problem. The network providers want to
protect their networks. Everyone sees the need for heavy protection -
including from the device owner - of internal "wallets".
-- Jerry
_______________________________________________
The cryptography mailing list
[email protected]
http://www.metzdowd.com/mailman/listinfo/cryptography