Step 1 create aesta2on iden2ty key aik details not

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: h Suppose BIOS code is updated by a firmware update. How would the system enable access to blobs previously sealed to current BIOS version? Patch process must re- seal all blobs with new PCR values Dan Boneh A cloud application Client VM sealed to VMM [JPBM’10] cloud servers VMM TPM Client seals VM to VMM measurement: •  VM code and data are encrypted •  Can only be decrypted on valid cloud server •  Cloud operator cannot easily access data Dan Boneh Trusted Compu2ng Security? Dan Boneh Security? [Kauer 2007] A3ack 1: reset TPM aHer boot with a wire •  Connect LRESET pin to ground - - mimics TPM_Init on LPC bus –  then extend PCRs arbitrarily •  Harder in TPM 1.2 due to “locality” A3ack 2: block TPM un2l aHer boot, then extend PCRs arbitrarily •  Root of trust: BIOS boot block resets PCRs (calls TPM_Startup) –  Defeated with one byte change to BIOS boot block !! Dan Boneh Better root of trust •  DRTM – Dynamic Root of Trust Measurement –  AMD: skinit Intel: senter –  Atomically does: •  Reset CPU. Reset PCR 17 to 0. •  Load the given Secure Loader (SL) code into I- cache (locked) •  Extend PCR 17 with SL •  Jump to SL •  BIOS boot loader is no longer root of trust. Processor microcode is. •  Avoids TPM_Init a_ack: TPM_Init sets PCR 17 to - 1 Dan Boneh Other problems Roll- back a_ack on encrypted blobs •  Example: undo security patches without being no2ced. Can be mi2gated using Data Integ...
View Full Document

Ask a homework question - tutors are online