The Linux SVSM project
Posted Feb 7, 2023 10:16 UTC (Tue) by JanC_ (guest, #34940) In reply to: The Linux SVSM project by farnz
Parent article: The Linux SVSM project
Posted Feb 7, 2023 11:49 UTC (Tue)
by farnz (subscriber, #17727)
But the security processor is part of the hardware design - if I can backdoor the software on the security processor, then I can write software that puts you into a VM it controls, and backdoors you that way. After all, nothing stops the CPU "booting" by running a hypervisor that leaves the security processor in total control, exposing what appears to be a "bare metal" interface, but in fact indirecting everything through the security processor's control.
Posted Feb 7, 2023 14:28 UTC (Tue)
by JanC_ (guest, #34940)
Posted Feb 7, 2023 14:33 UTC (Tue)
by farnz (subscriber, #17727)
Right, but the processor he verifies could itself have a security processor that's hidden, and that runs the verified code in a hypervisor allowing the CPU manufacturer to backdoor it. There is simply no affordable route, short of trusting the CPU manufacturer, to verify that the hardware they have described to you is the hardware that's running in your system. The best you can do is to destroy a random sample of CPUs, reverse-engineering them with an electron microscope, to confirm that there's nothing hidden - and this is both expensive, and also depends on the CPU manufacturer including backdoored CPUs in the set you destroy.
And even then, you have to trust that the electron microscope is not backdoored, and that the reverse engineers are honest…
Posted Mar 11, 2023 1:57 UTC (Sat)
by ghane (guest, #1805)
... also that farnz hasn't backdoored the problem statement.
... and that corbet hasn't backdoored the comment which told us exactly what to do to check.
My head hurts. :-)