On 10.4.2014 14:25, Jussi Laako wrote:
If we like, we can make a separate external trusted hardware where passwords are input and directly transferred to the gSSO storage without ever involving display server. This at least prevents display server
I think I can fairly easily modify the HID input layer for secure input such way that there is a special secure device node that cannot be accessed by display server, only by gSSO and it would be able to redirect all input from normal HID to the special device on request. Thus display server wouldn't be able to see the input (it's HID devices would just go silent for that period).
I could also make a "launch PayPal app" hardware button that is accessible only to a hypervisor layer below Linux kernel. Or button could be hardwired to a separate co-processor having override access to display hardware and this co-processor would run the PayPal app. Normal data lines between APE and display would go to Z mode when the co-processor is activated. Pretty easy to implement with FPGA actually.
But check out pinentry source codes, it has some basic anti-eavesdropping features. Although I love topic of secure display/input mode.
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
