On Thu, 10 Apr 2014 14:44:32 +0300 Jussi Laako <[email protected]> said:
> On 10.4.2014 14:25, Jussi Laako wrote:
> > If we like, we can make a separate external trusted hardware where
> > passwords are input and directly transferred to the gSSO storage without
> > ever involving display server. This at least prevents display server
>
> I think I can fairly easily modify the HID input layer for secure input
> such way that there is a special secure device node that cannot be
> accessed by display server, only by gSSO and it would be able to
> redirect all input from normal HID to the special device on request.
> Thus display server wouldn't be able to see the input (its HID devices
> would just go silent for that period).

and what do you do when kernel is malicious (compromised) ? :) or hypervisor?
again - you have to trust at some point. my point here is the display server is
an element of a trusted system. and to the original topic - if a user can do
it, it has access too.

> I could also make a "launch PayPal app" hardware button that is
> accessible only to a hypervisor layer below Linux kernel. Or button
> could be hardwired to a separate co-processor having override access to
> display hardware and this co-processor would run the PayPal app. Normal
> data lines between APE and display would go to Z mode when the
> co-processor is activated. Pretty easy to implement with FPGA actually.
>
> But check out pinentry source codes, it has some basic
> anti-eavesdropping features. Although I love topic of secure
> display/input mode.

--
Carsten Haitzler (The Rasterman) <[email protected]>
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
