Rafal Wojtczuk and Joanna Rutkowska - Black Hat
Rafal Wojtczuk and Joanna Rutkowska - Black Hat Rafal Wojtczuk and Joanna Rutkowska - Black Hat
Example #1: Disk Encryption Disk encrypted with a key k, that is sealed into the TPM... Now, only if the correct software (VMM, OS) gets started it will get access to the key k and would be able to decrypt the disk! MS’s Bitlocker works this way.
But the key k must be present in the memory all the time... (the OS needs it to do disk on-the-fly decryption)
- Page 1: Attacking Intel ® Trusted Executio
- Page 4 and 5: Intel ® Trusted Execution Technolo
- Page 6 and 7: TPM 1.2 Passive I/O device (master-
- Page 8 and 9: PCR “extend” operation PCRN+1 =
- Page 10 and 11: TPM seal/unseal example # echo 'Sec
- Page 12 and 13: Both seal/unseal and quote operatio
- Page 14 and 15: BIOS ROM BIOS FLASH BOOT LOADER OS
- Page 18 and 19: So, a malware can sniff it…
- Page 20 and 21: Example #2: User’s Picture Test :
- Page 22 and 23: Problems with SRTM
- Page 24 and 25: Dynamic Root of Trust Measurement (
- Page 26 and 27: A VMM we want to load (Currently un
- Page 28 and 29: TXT bottom line TXT late launch can
- Page 30 and 31: GRUB (1 st stage) GRUB (2 nd stage)
- Page 32: First we start “trusted” Xen (b
- Page 36 and 37: Thanks to tboot only when the trust
- Page 38: Tboot Demo #1: sealing to a trusted
- Page 42 and 43: SENTER is not obligatory!!! TXT and
- Page 44 and 45: Why would a user or an attacker be
- Page 46 and 47: AMD Presidio AMD’s technology sim
- Page 48 and 49: SRTM/DRTM (launch-time protection)
- Page 50 and 51: TXT: exciting new technology with g
- Page 52 and 53: Q: What is more privileged than a k
- Page 54 and 55: Introducing “Ring -2” SMM can a
- Page 56 and 57: SMM vs. TXT?
- Page 58 and 59: Q: Does TXT measure currently used
- Page 60 and 61: Q:So, how does the SENTER deal with
- Page 62 and 63: TXT attack sketch (using tboot+Xen
- Page 64 and 65: Address of the shellcode (in the gu
But the key k must be present in the memory all the time...<br />
(the OS needs it to do disk on-the-fly decryption)