Hi Norman,

If we need protection from a boot of a custom OS from a USB stick on the
device, we only need to have a High Assurance Boot (HAB), aka Secure Boot,
feature that comes with some of the processors like the iMX series range.
This would prevent any kind of modified boot image from being used for booting
and the device would give a picture as if it is just hung - refusing to
boot up with the modified boot image.

Thanks

Vasan


On Mon, Mar 23, 2015 at 11:20 PM, Norman Feske <[email protected]> wrote:

> Hi Tim,
>
> >     I was wondering how the virtualbox implementation on top of
> > genode/nova fares against this type of attack:
> > https://hsmr.cc/palinopsia/
> >
> > is 3d acceleration used? is there strong isolation of the video memory?
>
> our version of VirtualBox does not use/support hardware-accelerated
> graphics. We needed a GPU driver first.
>
> Thanks for the link. It is important to keep such attack vectors in
> mind. It also bears the question: Does your BIOS clear all physical
> memory at boot time? If not, couldn't an attacker with physical access
> to a machine (i.e., a stolen laptop that may still be locked with a
> screensaver) reset the machine, boot a custom OS from a USB stick, and
> scan the memory for credentials? What would be a viable defense against
> such a scenario?
>
> Cheers
> Norman
>
> --
> Dr.-Ing. Norman Feske
> Genode Labs
>
> http://www.genode-labs.com · http://genode.org
>
> Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
> Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
>
>
> _______________________________________________
> genode-main mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/genode-main
>