Adam Back writes:
I have one gap in the picture:
In a previous message in this Peter Biddle said:
In Palladium, SW can actually know that it is running on a given platform and not being lied to by software. [...] (Pd can always be lied to by HW - we move the problem to HW, but we can't make it go away completely).
Obviously no application can reliably know anything if the OS is hostile. Any application can be meddled with arbitrarily by the OS. In fact every bit of the app can be changed so that it does something entirely different. So in this sense it is meaningless to speak of an app that can't be lied to by the OS.

What Palladium can do, though, is arrange that the app can't get at previously sealed data if the OS has meddled with it. The sealing is done by hardware based on the app's hash. So if the OS has changed the app per the above, it won't be able to get at old sealed data. And of course remote attestation will not work either, if the app has been meddled with.

This means that an app can start running, attest to its "clean" status to a remote server, download some data from that server, and seal it. Then at a later time, IF the app is able to unseal that data, then it is true that the app has not been meddled with and is not running on virtualized hardware. That is how I understand these sorts of claims.
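The sealing behaviour described in the message above, as an added toy model that is not part of the original message and is not Palladium's actual interface: the sealing key is derived from a per-device secret and the hash of the app image, so a modified app or a different (for example virtualized) device cannot unseal. The class name, the key derivation and the HMAC-based stream cipher are assumptions chosen for illustration only.

```python
import hashlib, hmac, secrets

class ToySealingHardware:
    """Constructed model of a sealing chip (hypothetical, not a real API)."""
    def __init__(self):
        self._device_secret = secrets.token_bytes(32)  # never leaves the "chip"

    def _keys(self, app_image):
        # In the real design the hardware measures the loaded code itself;
        # here app_image stands for whatever code the hardware measured.
        measurement = hashlib.sha256(app_image).digest()
        root = hmac.new(self._device_secret, measurement, hashlib.sha256).digest()
        enc = hmac.new(root, b"enc", hashlib.sha256).digest()
        mac = hmac.new(root, b"mac", hashlib.sha256).digest()
        return enc, mac

    @staticmethod
    def _stream(key, nonce, n):
        # Toy keystream: HMAC in counter mode (illustration, not a vetted cipher)
        out, counter = b"", 0
        while len(out) < n:
            out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def seal(self, app_image, data):
        enc, mac = self._keys(app_image)
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(data, self._stream(enc, nonce, len(data))))
        tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, app_image, blob):
        enc, mac = self._keys(app_image)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # different app hash or different device: stays sealed
        return bytes(a ^ b for a, b in zip(ct, self._stream(enc, nonce, len(ct))))

def demo():
    chip = ToySealingHardware()
    clean = b"constructed app image v1"                # constructed sample
    patched = b"constructed app image v1 + OS patch"   # app altered by the OS
    blob = chip.seal(clean, b"data downloaded after attestation")
    other = ToySealingHardware()  # stands in for virtualized hardware
    return chip.unseal(clean, blob), chip.unseal(patched, blob), other.unseal(clean, blob)
```

`demo()` returns the plaintext for the unmodified app on the original device and `None` for the other two cases.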