Page 8
Page 8
Posted Dec 26, 2015 3:03 UTC (Sat) by JesseW (subscriber, #41816)In reply to: Page 8 by rsidd
Parent article: Rutkowska: State considered harmful - A proposal for a stateless laptop
Cool, that was more or less what I thought, having read more of the paper now. Thanks for making it explicit. The paper does discuss some ways to work around possible corruption from Intel, on page 27:
> We would like to treat most of the platform firmware as untrusted. ... While it should be obvious why Intel ME should be considered untrusted, ... it is currently very difficult (impossible?) to have a truly open source BIOS which would not need to execute Intel-provided blobs such as the Intel FSP.
> The trick of keeping the platform’s firmware on the trusted stick is a game-
changer here, because we can be reasonably confident the stick will: 1) imple-
ment proper read-only protection, this way stopping any potential flash-persisting
attacks originating from the platform, and 2) even if the firmware was to be
somehow malicious, the construction of our stateless laptop leaves no places for
the malware to store any data stolen from the user.
> We would like to treat most of the platform firmware as untrusted. ... While it should be obvious why Intel ME should be considered untrusted, ... it is currently very difficult (impossible?) to have a truly open source BIOS which would not need to execute Intel-provided blobs such as the Intel FSP.
> The trick of keeping the platform’s firmware on the trusted stick is a game-
changer here, because we can be reasonably confident the stick will: 1) imple-
ment proper read-only protection, this way stopping any potential flash-persisting
attacks originating from the platform, and 2) even if the firmware was to be
somehow malicious, the construction of our stateless laptop leaves no places for
the malware to store any data stolen from the user.