lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20091006081258.GB1469@ucw.cz>
Date:	Tue, 6 Oct 2009 10:12:58 +0200
From:	Pavel Machek <pavel@....cz>
To:	Roland Dreier <rdreier@...co.com>
Cc:	Henrique de Moraes Holschuh <hmh@....eng.br>,
	"Wang, Shane" <shane.wang@...el.com>,
	Arjan van de Ven <arjan@...radead.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	"Rafael J. Wysocki" <rjw@...k.pl>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Ingo Molnar <mingo@...e.hu>,
	Thomas Gleixner <tglx@...utronix.de>,
	"Cihula, Joseph" <joseph.cihula@...el.com>
Subject: Re: [GIT PULL] x86/txt for v2.6.32

On Sat 2009-10-03 13:44:22, Roland Dreier wrote:
> 
>  > > > So I modify the RAM content so that BIOS does not think measured
>  > > > environment existed before suspend?
> 
>  > And it is ridiculously easy to pull off, too:
>  > http://www.engadget.com/2008/02/21/cold-boot-disk-encryption-attack-is-shockingly-effective/
>  > 
>  > Shows the attack being used to read sensitive keys, but you can use it also
>  > to *modify* system running state (it will be more difficult, as you need to
>  > remove and replace the RAM while on S3 instead of S5, but it should be
>  > doable by someone who knows what he is doing).
> 
> I believe the whole point of this TXT / S3 handling is that the resume
> from S3 will then be able to detect that the contents of RAM have been
> modified while the system was asleep.

...and you are able to read out any keys, etc. Maybe that's expected &
ok, but Doc*/intel_txt.txt does not actually tell me what it protects
against and is pretty much useless... making patches impossible to
review.

So... what does txt protect?

Data integrity only?

Data privacy, too?

Who is it designed to protect against?

Remote attacker?

Local user trying to subvert it?

...and has soldering iron he's willing to use?

...and has soldering iron, osciloscope and PCI analyzer he's willing to use?

> TXT simply produces a reasonably trustworthy measurement of system
> state.  If you modify RAM while the system is asleep, then you will not
> be able to produce a measurement showing an unmodified system state.

Well, actually I see some auditing to be done in proposed patches.

									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ