Posted Feb 8, 2007 7:52 UTC (Thu) by drag
In reply to: The Difference
Parent article: Bitfrost: the OLPC security model
Well that is why stuff like TPM can be very good. It has the capability of giving over more control to the end user to fend off malicious code and attackers.
For example kernel mode rootkits.
Lets say you have TPM on the motherboard. It has some keys in itfor something like the signed key of the 'trusted grub' bootloader.
The system boots, TPM stuff is activated and tests grub binaries and grub's key cache. If they are swell then it's executed. Grub then uses it's key stash to validate the kernel and initrd. Those are brought up, executed and ran.
They have their own keys to keep track of the kernel modules and test them before loading them. And also probably will test the validity of various important system files and configurations.
Currently, with no TPM or similar technology, there is no possible way to ever ever use something like 'root kit hunter' (or any anti-rootkit software) and trust anything it tells you about the safety of your system.
The only practical way to do that sort of thing now is to take the machine offline, use something like Tripware from a different boot medium to take checksums of your system and store that in offline or read-only storage. Then you can later take down the machine and re-run the checksums to confirm the purity of your binaries. But if you can be sure that your kernel is pristine and that all the drivers are safe.. then you can effectively combat rootkits while your system is running. As long as the running kernel is safe from exploits then TPM can raise the security and trustability of your system to new heights.
If you end up with machines that can do things like test code as it's being executed then you can potentially even trust kernels that may have a local vunerability in them.
It all depends who has the keys. If you have the keys, as the owner.. Then TPM is wonderfull. If you don't have the keys and somebody else has more control over your system then you do, then TPM sucks majorly.
The challenge with this Bitfrost is to come to happy solution were you can prevent the theft of laptops, and use 'trusted computing' type features to secure the userspace from softare vunerabilities, while still allowing end users (the children) the freedom to modify their systems.
If Bitfrost works out then this can be a huge selling point for Linux desktops. If it can be applied to something like a corporate desktop environment were you can allow things like password-less (or at least be not so dependant on passwords) user identity management, simple PKI infrastructure, per-user VM (with efficiency!), etc etc. Then this can be huge attraction for Linux desktop adoption for some people.
How well could this Bitfrost can be applied to increasing the security of corporate or home desktop systems?
to post comments)