Rafal Wojtczuk and Joanna Rutkowska - Black Hat
Rafal Wojtczuk and Joanna Rutkowska - Black Hat Rafal Wojtczuk and Joanna Rutkowska - Black Hat
Example #2: User’s Picture Test :) During installation, a user takes a picture of themselves using a built-in in laptop camera... This picture is stored on disk, encrypted with key kpic, which is sealed by the TPM… Now, on each reboot — only if the correct software got loaded, it will be able to retrieve the key kpic and present a correct picture to the user. Important: after the use accepts the picture, the software should extend PCR’s with some value (e.g. 0x0), to lock access to the key kpic
Example #3: Remote Attestation Each computer needs to “authenticate” itself to the monitoring station using the TPM Quote command… If a computer is discovered in a corporate network that hasn’t authenticated using TPM Quote with expected PCR registers, an alarm should be raised (e.g. this computer should be disconnected from the corporate network). Convenient for corporate scenarios with centralized monitoring server.
- Page 1: Attacking Intel ® Trusted Executio
- Page 4 and 5: Intel ® Trusted Execution Technolo
- Page 6 and 7: TPM 1.2 Passive I/O device (master-
- Page 8 and 9: PCR “extend” operation PCRN+1 =
- Page 10 and 11: TPM seal/unseal example # echo 'Sec
- Page 12 and 13: Both seal/unseal and quote operatio
- Page 14 and 15: BIOS ROM BIOS FLASH BOOT LOADER OS
- Page 16 and 17: Example #1: Disk Encryption Disk en
- Page 18 and 19: So, a malware can sniff it…
- Page 22 and 23: Problems with SRTM
- Page 24 and 25: Dynamic Root of Trust Measurement (
- Page 26 and 27: A VMM we want to load (Currently un
- Page 28 and 29: TXT bottom line TXT late launch can
- Page 30 and 31: GRUB (1 st stage) GRUB (2 nd stage)
- Page 32: First we start “trusted” Xen (b
- Page 36 and 37: Thanks to tboot only when the trust
- Page 38: Tboot Demo #1: sealing to a trusted
- Page 42 and 43: SENTER is not obligatory!!! TXT and
- Page 44 and 45: Why would a user or an attacker be
- Page 46 and 47: AMD Presidio AMD’s technology sim
- Page 48 and 49: SRTM/DRTM (launch-time protection)
- Page 50 and 51: TXT: exciting new technology with g
- Page 52 and 53: Q: What is more privileged than a k
- Page 54 and 55: Introducing “Ring -2” SMM can a
- Page 56 and 57: SMM vs. TXT?
- Page 58 and 59: Q: Does TXT measure currently used
- Page 60 and 61: Q:So, how does the SENTER deal with
- Page 62 and 63: TXT attack sketch (using tboot+Xen
- Page 64 and 65: Address of the shellcode (in the gu
- Page 67: The final outcome...
Example #2: User’s Picture Test :)<br />
During installation, a user takes a picture of themselves using a<br />
built-in in laptop camera...<br />
This picture is stored on disk, encrypted with key kpic, which is<br />
sealed by the TPM…<br />
Now, on each reboot — only if the correct software got<br />
loaded, it will be able to retrieve the key kpic <strong>and</strong> present a<br />
correct picture to the user.<br />
Important: after the use accepts the picture, the software should<br />
extend PCR’s with some value (e.g. 0x0), to lock access to the<br />
key kpic