Hadmut Danisch wrote:
On Wed, Jul 03, 2002 at 10:54:43PM -0700, Bill Stewart wrote:
At 12:59 AM 06/27/2002 -0700, Lucky Green wrote:
I fully agree that the TCPA's efforts offer potentially beneficial effects. Assuming the TPM has not been compromised, the TPM should enable you to detect if interested parties have replaced your NIC with the rarer, but not unheard of, variant that ships out the contents of your operating RAM via DMA and IP padding outside the abilities of your OS to detect.
It can? I thought that DMA was there to let you avoid bothering the CPU. The Alternate NIC card would need to have a CPU of its own to do a good job of this, but that's not hard.
I don't think so. As far as I understood, the bus system (PCI, ...) will be encrypted as well. You'll have to use a NIC which is certified and can decrypt the information on the bus. Obviously, you won't get a certification for such a network card.
You won't and Bill won't. But those who employ such NICs will have no difficulty obtaining certification.
But this implies other problems:
You won't be able to enter a simple shell script through the keyboard. If so, you could simply print protected files as a hexdump or use the screen (or maybe the sound device or any LED) as a serial interface.
Since you could use the keyboard to enter a non-certified program, the keyboard is to be considered a non-trusted device. This means that you either
* have to use a certified keyboard which doesn't let you enter bad programs
* don't have a keyboard at all
* or are not able to use shell scripts (at least not in trusted context). This means a strict separation between certified software and data.
Sure you can use shell scripts. Though I don't understand how a shell script will help you in obtaining a dump of the protected data since your script has insufficient privileges to read the data. Nor can you give the shell script those privileges since you don't have supervisor mode access to the CPU. How does your shell script plan to get past the memory protection? What am I missing? --Lucky