Hi Carl-Daniel,

Having an IOMMU is not necessary since our goal is only to prevent DMA write to a region of memory. We have come up with techniques that can prevent DMA writes on legacy systems without an IOMMU. Also, Pioneer is not LinuxBIOS-specific. It can be incorporated into any SMM code.

Cheers,
Arvind

On Fri, 12 Jan 2007, Carl-Daniel Hailfinger wrote:

> Hi Arvind,
>
> Arvind Seshadri wrote:
> > Pioneer provides the stronger guarantee that the program whose integrity
> > is checked is the one that is invoked for execution. In other words, an
> > attacker cannot modify the program between the time its integrity is
> > checked and the time the program is invoked for execution. Also, whereas
>
> But an attacker can modify the program directly after its execution has
> started. So Pioneer secures exactly one machine instruction more than
> SEBOS. I don't think that this is impressive. With current hardware it
> is impossible (except if you use an IOMMU) to guarantee that a program
> is not modified during execution.
> I hope I didn't discourage you and am still very interested in the
> results of Pioneer.
>
> > AEGIS and TCG only measure programs loaded at system boot, Pioneer can
> > measure and launch programs at any point in time. The property provided by
> > Pioneer is, therefore, similar to the late-launch capability of Intel's LT
> > and AMD's SVM, which can be used to design systems with substantially
> > smaller trusted computing bases than AEGIS and TCG. Unlike LT and SVM
> > however, Pioneer is completely software-based and can be used on legacy
> > systems.
>
> Only on legacy systems with LinuxBIOS or on all legacy systems?
>
> Regards,
> Carl-Daniel
>
> --
> linuxbios mailing list
> [email protected]
> http://www.openbios.org/mailman/listinfo/linuxbios
