[EROS-Arch] Re: [E-Lang] Re: Interaction Design for End-User Security
Joerg Bornschein
joerg@zilium.de
Thu, 22 Mar 2001 18:19:42 +0100
On Thu, Mar 22, 2001 at 05:35:36PM +0100, wojtek@ifirma.pl wrote:
Hi,
> But wait a minute, there is an option, unfortunately quite hard to
> implement: boot from the token. It would require two things to be put on a
> token: 1. bootstrap 2. kernel signature. Then the bootstrap would only load
> the kernel from hard drive and verify its signature. Then the kernel would
> be responsible for verifying signatures of software it loads. The trusted
> set of certificates might reside on the token. Let's also grant that the
> bootstrap and your OS vendor cert is always read-only.
>
> Do you find this possible? Anything wrong in this scenario?
Sounds good, and it's getting harder.... but:
The real system has been manipulated to start a virtual machine (do I
hear VMWare?) just after booting. This virtual machine in turn follows
the "normal" boot procedure -- e.g. requesting bootstrap code from
your token.
After n seconds the real machine interrupts your virtual one and manipulates
the system you now trust.
Ok, it will be hard work -- but maybe your next BIOS update includes
this "feature"....
joerg
--
The known is finite; the unknown infinite. Intellectually we stand on
an islet in the midst of an illimitable ocean of inexplicability. Our
business in every generation is to reclaim a little more land.
--T.H. Huxley