From: Alexander Sotirov (alex at sotirov.net)
Date: Mon Nov 24 2008 - 06:52:14 CST
On Sun, Nov 23, 2008 at 04:06:40PM +0100, Joanna Rutkowska wrote:
> ... which, of course, doesn't prevent the hypervisor from being exploited 5 secs
> after it got securely loaded, e.g. via some buffer overflow bug...
Of course :-)
> But, nevertheless, yes, this indeed is a very important feature of the TPM (and
> the whole trusted boot concept, like e.g. Intel TXT), and people should
> eventually stop saying that TPM is bad. It is not, and it indeed can provide
> great value for users concerned about security (and not only physical security!).
>
> BTW, I'm also glad to see a VMware researcher acknowledging it :) So far, only
> the Xen hypervisor can use the trusted boot mechanism via the Intel-provided
> tboot component AFAIK. So, looking forward to seeing ESX implement trusted
> boot at some point in time.
Actually I just quit VMware, so my opinions are my own. I can't speak for the
company or comment on ESX.
I do agree that TPM has a lot more interesting uses than just DRM. It really
looks like we're building something similar to the Secure Hardware Environment
from Rainbow's End. I'm not sure if that's a good thing or not, but I doubt it
can be stopped, so we might as well try to take advantage of it.
Take care,
Alex
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAkkqo30ACgkQ6MVeVwnnQQQX1gCgiRun4uFihL9+cob4tJIKV0g/
MSkAnjQdXR5gtCGYfB2siYo7cj5kKiiw
=xobm
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave at lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave