On Tue, Oct 22, 2013 at 12:29:33PM -0400, Tom Ritter wrote: [...]

On 22 October 2013 05:24, Ruben Pollan <meskio@sindominio.net> wrote:

And to add another, there was a presentation on ARM TrustZone, the OS inside your CPU, that's seems so designed for backdoors that ARM actually gives tips for running TrustZone invisible to the normal OS. https://www.hackinparis.com/sites/hackinparis.com/files/Slidesthomasroth.pdf

These are increasingly worrying me as well. The Secure Element on Android can at least (if you root and edit the .xml file) be queried to learn identifiers of what is installed there, if not directly interact with them.

If you are really worrying about that, you are decades too late. :) ARM-TZ-alike features are already there in other CPU's called SMM, VT-x or SVM, or in your board called IPMI or AMT - or more generic OOB-Management. Or if you worry about phones its called SIM and SIM-toolkit (and this list is far from complete). Yes, if you want a real trustbase and crypto that stands, you have to open-source all of it. Do you know what your keyboard controller is doing? :) http://www.youtube.com/watch?v=tmZ4yXuDSNc Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@suse.de - SuSE Security Team _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography