On Tue, Oct 22, 2013 at 12:29:33PM -0400, Tom Ritter wrote: [...]
> On 22 October 2013 05:24, Ruben Pollan <[email protected]> wrote:
>
> And to add another, there was a presentation on ARM TrustZone, the OS
> inside your CPU, that seems so designed for backdoors that ARM
> actually gives tips for running TrustZone invisible to the normal OS.
> https://www.hackinparis.com/sites/hackinparis.com/files/Slidesthomasroth.pdf
>
> These are increasingly worrying me as well. The Secure Element on
> Android can at least (if you root and edit the .xml file) be queried
> to learn identifiers of what is installed there, if not directly
> interact with them.

If you are really worrying about that, you are decades too late. :)
ARM-TZ-alike features are already there in other CPUs, called SMM, VT-x or
SVM, or in your board, called IPMI or AMT - or more generic OOB-Management.
Or if you worry about phones, it's called SIM and SIM-toolkit (and this list
is far from complete).

Yes, if you want a real trustbase and crypto that stands, you have to
open-source all of it.

Do you know what your keyboard controller is doing? :)

http://www.youtube.com/watch?v=tmZ4yXuDSNc

Sebastian

--
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ [email protected] - SuSE Security Team
