TPM & disk crypto

cyphrpunk cyphrpunk at gmail.com
Thu Oct 12 19:12:31 EDT 2006


On 10/10/06, Adam Back <adam at cypherspace.org> wrote:
> I think the current CPUs / memory managers do not have the ring -1 /
> curtained memory features, but already a year ago or more Intel and
> AMD were talking about these features.  So it's possible that, for
> example, the hypervisor extra virtualization functionality in recent
> processors ties with those features, and is already delivered?  Anyone
> know?

Intel LaGrande Technology is supposed to ship soon and combines
virtualization with TPM integration so you can load what they call a
MVMM: a measured virtual machine monitor. "Measured" means the hash
goes securely to the TPM so it can attest to it, and third parties can
verify what VMM you are running. Then the security properties would
depend on what the VMM enforces. The MVMM runs in what you might call
ring -1, while the OS running in ring 0 has only virtualized access to
certain system resources like page tables.

One thing the MVMM could do is to measure and attest to OS properties.
Then if you patched the OS to bypass a signed-driver check, it might
not work right.

One question that was raised is how these systems can be robust
against OS upgrades and such. It would seem that ultimately this will
require attestation to be based on a signing key rather than the code
fingerprint. Rather than hashing the code it loads, the MVMM would
verify that the code is signed by a certain key, and hash the key,
sending that to the TPM. Then any code signed by the same key could
produce the same attestation and have access to the same sealed data.

The TCG infrastructure working group is supposed to standardize what
kinds of attestations will be used and what they will mean.

CP
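The two measurement policies discussed in the post (hashing the loaded code versus verifying its signature and hashing the signing key) can be compared side by side. The following is an added example, not code from the post or from any TPM or LaGrande implementation. It assumes a simplified TPM model: a single PCR extended as SHA-256(old || SHA-256(measurement)), sealing implemented as a wrap key derived from the PCR value, and, as a stand-in for the vendor's asymmetric code-signing key (so it runs on the standard library alone), an HMAC key whose fingerprint plays the role of the public key hash. The OS images, signatures and secret are constructed sample values.

```python
import hashlib
import hmac
from typing import Optional

PCR_INITIAL = bytes(32)  # PCRs start all-zero after a platform reset


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = SHA-256(PCR_old || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


# Assumption: HMAC stands in for the vendor's real (asymmetric) code signature.
def sign_code(vendor_key: bytes, code: bytes) -> bytes:
    return hmac.new(vendor_key, code, hashlib.sha256).digest()


def signature_valid(vendor_key: bytes, code: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_code(vendor_key, code), sig)


def measure_by_code(code: bytes, sig: bytes, vendor_key: bytes) -> Optional[bytes]:
    """Policy 1: the MVMM hashes the loaded code itself into the PCR.
    Any change to the code, upgrade or tampering, yields a new PCR value."""
    return pcr_extend(PCR_INITIAL, code)


def measure_by_key(code: bytes, sig: bytes, vendor_key: bytes) -> Optional[bytes]:
    """Policy 2: verify the signature, then extend the PCR with the key's
    fingerprint. None means the signature failed: the load is refused and no
    attestable PCR value exists for that image."""
    if not signature_valid(vendor_key, code, sig):
        return None
    return pcr_extend(PCR_INITIAL, hashlib.sha256(vendor_key).digest())


def seal(pcr: bytes, secret: bytes) -> dict:
    """Bind a secret (<= 32 bytes) to a PCR value. The wrap key is derived from
    the PCR, and a MAC lets unseal detect a mismatched PCR instead of
    returning garbage."""
    assert len(secret) <= 32
    wrap_key = hashlib.sha256(b"seal-key" + pcr).digest()
    keystream = hashlib.sha256(b"keystream" + wrap_key).digest()
    ct = bytes(a ^ b for a, b in zip(secret, keystream))
    tag = hmac.new(wrap_key, ct, hashlib.sha256).digest()
    return {"ct": ct, "tag": tag}


def unseal(pcr: bytes, blob: dict) -> Optional[bytes]:
    wrap_key = hashlib.sha256(b"seal-key" + pcr).digest()
    expected = hmac.new(wrap_key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None  # PCR differs from the one the secret was sealed under
    keystream = hashlib.sha256(b"keystream" + wrap_key).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], keystream))


# Constructed sample data: a vendor key, two legitimate OS versions, and a
# copy of v2 modified after signing.
VENDOR_KEY = b"constructed-vendor-signing-key"
OS_V1 = b"kernel v1 with signed-driver check"
OS_V2 = b"kernel v2 with signed-driver check"   # a legitimate upgrade
PATCHED = OS_V2.replace(b"with", b"without")    # tampered after signing


def run_scenario(measure) -> dict:
    """Seal a secret under OS v1, then ask whether an upgraded OS and a
    tampered OS can still unseal it under the given measurement policy."""
    sig_v1 = sign_code(VENDOR_KEY, OS_V1)
    sig_v2 = sign_code(VENDOR_KEY, OS_V2)
    secret = b"constructed-disk-key"
    blob = seal(measure(OS_V1, sig_v1, VENDOR_KEY), secret)
    pcr_v2 = measure(OS_V2, sig_v2, VENDOR_KEY)
    pcr_patched = measure(PATCHED, sig_v2, VENDOR_KEY)  # v2's signature reused
    return {
        "upgrade_unseals": pcr_v2 is not None and unseal(pcr_v2, blob) == secret,
        "patched_unseals": pcr_patched is not None and unseal(pcr_patched, blob) == secret,
    }


if __name__ == "__main__":
    print("code-hash policy:", run_scenario(measure_by_code))
    print("key-hash policy: ", run_scenario(measure_by_key))
```

Under the code-hash policy the upgrade produces a different PCR, so the sealed secret is lost; under the key-hash policy the upgrade unseals because the key fingerprint is unchanged, while the tampered image fails signature verification and never reaches an attestable state. The trade-off the post points at is visible here too: with key-based measurement the attestation says only "something the vendor signed", so its value rests entirely on the vendor's key management and signing discipline.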

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
