virtual box and video isolation

Vasan vasan.vs at ...9...
Tue Mar 24 09:00:08 CET 2015


Hi Norman,

If we need protection from a boot of a custom OS from a USB stick on the
device, we only need to have a High Assurance Boot (HAB), aka Secure Boot,
feature that comes with some processors, like the iMX series range.
This would prevent any kind of modified boot image from being used for
booting, and the device would give a picture as if it is just hung - refusing
to boot up with the modified boot image.

Thanks

Vasan


On Mon, Mar 23, 2015 at 11:20 PM, Norman Feske <norman.feske at ...1...> wrote:

> Hi Tim,
>
> >     I was wondering how the virtualbox implementation on top of
> > genode/nova fares against this type of attack:
> > https://hsmr.cc/palinopsia/
> >
> > is 3d acceleration used? is there strong isolation of the video memory?
>
> our version of VirtualBox does not use/support hardware-accelerated
> graphics. We needed a GPU driver first.
>
> Thanks for the link. It is important to keep such attack vectors in
> mind. It also bears the question: Does your BIOS clear all physical
> memory at boot time? If not, couldn't an attacker with physical access
> to a machine (i.e., a stolen laptop that may still be locked with a
> screensaver) reset the machine, boot a custom OS from a USB stick, and
> scan the memory for credentials? What would be a viable defense against
> such a scenario?
>
> Cheers
> Norman
>
> --
> Dr.-Ing. Norman Feske
> Genode Labs
>
> http://www.genode-labs.com · http://genode.org
>
> Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
> Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
>
>