Hi Norman,
If we need protection from a boot of a custom OS from a USB stick on the device, we need to only have a High Assurance Boot (HAB) aka Secure boot feature that comes in with some of the processors like iMX series range. This would prevent any kind of a modified boot image to be used for booting and the device would give a picture as if it is just hung - refusing to boot up with the modified boot image.
Thanks
Vasan
On Mon, Mar 23, 2015 at 11:20 PM, Norman Feske <norman.feske@...1...
wrote:
Hi Tim,
I was wondering how the virtualbox implementation on top of
genode/nova fares against this type of attack: https://hsmr.cc/palinopsia/
is 3d acceleration used? is there strong isolation of the video memory?
our version of VirtualBox does not use/support hardware-accelerated graphics. We needed a GPU driver first.
Thanks for the link. It is important to keep such attack vectors in mind. It also bears the question: Does your BIOS clear all physical memory at boot time? If not, couldn't an attacker with physical access to a machine (i.e., a stolen laptop that may still be locked with a screensaver) reset the machine, boot a custom OS from a USB stick, and scan the memory for credentials? What would be a viable defense against such a scenario?
Cheers Norman
-- Dr.-Ing. Norman Feske Genode Labs
http://www.genode-labs.com · http://genode.org
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main