Documenting the proposal for TPM 2.0 security in the face of bus interposer attacks
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Wed Nov 21 09:14:35 UTC 2018
On Wed, Nov 21, 2018 at 09:18:19AM +0200, Jarkko Sakkinen wrote:
> On Tue, Nov 20, 2018 at 10:42:01PM -0700, Jason Gunthorpe wrote:
> > > Why you wouldn't use DMA to spy the RAM?
> >
> > The platform has to use IOMMU to prevent improper DMA access from
> > places like PCI-E slots if you are using measured boot and want to
> > defend against HW tampering.
>
> Yes. This is what I wanted to point out. Windows 10 has VBS to
> achieve something like this.
>
> https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs
Some trials like Qubes are in existence (uses Xen).
I've been thinking should Linux have a thin hypervisor solely for VBS
like use in order to gain wider adoption.
/Jarkko
More information about the Linux-security-module-archive
mailing list