security modifications to current PCs

Travis H. solinym at gmail.com
Thu Dec 1 00:08:00 PST 2005


Hey,

I've been reading through the TCPA documents and thinking a bit about
changes that might give higher assurance to an ordinary PC, or at
least a PC with only minor changes.

Specifically, one of the things I've always been mulling over is a
secure boot sequence.  Basically, like the TCPA, I want a sequence
where each stage decrypts and validates the next one so that a user
doesn't have to worry about modifications to the bootup state. 
Basically, I've been thinking about rewriting the BIOS (perhaps with
large portions in FORTH a la openfirmware*) such that instead of
prompting the user for a password which is compared to a stored copy
(that can be erased by removing the battery), it instead prompts the
user for a passphrase that is used to decrypt and authenticate the MBR
(boot block) and possibly the first-stage boot loader.  The boot
loader in turn decrypts and authenticates the kernel and any
associated crud it needs (perhaps supporting the multiboot spec), and
the kernel and crud are smart enough to decrypt and authenticate the
root partition, and away we go.

[*] http://www.openfirmware.org/

Similarly, I wouldn't mind seeing a PCI card or something that is
designed for securely storing crypto keys (from DMA among other
things) and performing crypto operations.  These parts of the TCPA are
okay.  I don't see the need to curtain memory, as I'm comfortable with
the "ring 0 can do anything" property.

Additionally, it would be nice to have a "trusted path" to the OS,
whereby a certain key sequence triggers a direct input path to a
program, or the user is assured of what program he/she is talking to.
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/trusted-path.html

Is it possible to implement most block ciphers in FPGAs?  It'd be nice
to have a bus-mastering crypto co-processor device to do, say, disk
encryption without requiring CPU help, but I want to be able to update
it to new algorithms as new attacks against the cipher appear.  I use
some disk encryption stuff on a dual processor machine and it's still
slow.  The load climbs to 10 or 12 all too easily, then stuff becomes
unresponsive (perhaps because swap is one of the things I'm
encrypting).
--
http://www.lightconsulting.com/~travis/  -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B





More information about the cypherpunks-legacy mailing list