[Arm-netbook] ARM's OOB para-virtualization & FreeZone in A10?
Henrik Nordström
henrik at henriknordstrom.net
Thu Jul 5 11:52:17 BST 2012
tor 2012-07-05 klockan 09:57 +0000 skrev nil:
> Your fear is (mostly) unnecessary. Also, coreboot?
> (also, not all laptops have TPMs; and they're even less useful to an attacker
> than hardware virtualization.)
Actually the TPM is very useful for you to protect from attacks. With
the TPM you can lock down the hardware to only accept you, and you can
make sure any tampering with your device gets noticed by you.
> > Thereby, a hacker can hack into the local LAN to hack into a netbook's
> > AMD's virtualization:
> Doesn't follow.
The theory goes as
1. LAN gets hacked
2. From LAN the box gets hacked
3. On the box the hacker installs a rootkit as a hypervisor. As
demonstrated with Intel VT this can be done runtime if virtualization is
enabled but no hypervisor currently running.
> > A8 has TrustZone. I am assuming A10 is TrustZone capable.
> Quite possibly, although I'd be surprised if it was actually used in any
> products.
Allwinner A10 mentions TrustZone in it's marketing. TrustZone can be
used for implementing a TPM kind of solution. But infotmation on the
trustzone implementation in Allwinner A10 is very scarse.
> Since hardware virtualization per se is not a "backdoor[] for hackers,
> government, etc," they are correct to be unconcerned, and I am guessing it is
> because the questions were ill-founded. Apophenia and paranoia, however useful
> they might be in one's own circumstances, are liabilities in the design of
> secure systems.
Actually virtualization is a great tool for increasing system security
if used right.
Regards
Henrik
More information about the arm-netbook
mailing list