[LinuxBIOS] SMM in LinuxBIOS
arvinds+ at cs.cmu.edu
Fri Jan 12 01:56:45 CET 2007
SEBOS is based on AEGIS, which is a secure bootstrap mechanism. As such,
SEBOS can only guarantee the integrity of what programs are loaded into
memory. This property is similar to that provided by the TCG trusted boot
specification and is called loadtime attestation.
Loadtime attestation does not guarantee that a program which is loaded
into memory and checked for integrity is what gets executed. The program
can be modified by the attacker before being invoked for execution. For
example, an attacker can overwrite memory locations in the program via a
DMA write. Also, both AEGIS and the TCG specification depend on HW
modifications and cannot be used by legacy systems.
Pioneer provides the stronger guarantee that the program whose integrity
is checked is the one that is invoked for execution. In other words, an
attacker cannot modify the program between the time its integrity is
checked and the time the program is invoked for execution. Also, where as
AEGIS and TCG only measure programs loaded at system boot, Pioneer can
measure and launch programs at any point in time. The property provided by
Pioneer is, therefore, similar to the late-launch capability of Intel's LT
and AMD's SVM, which can be used to design systems with substantially
smaller trusted computing bases than AEGIS and TCG. Unlike LT and SVM
however, Pioneer is completely software-based and can be used on legacy
On Thu, 11 Jan 2007, Carl-Daniel Hailfinger wrote:
> Hi Arvind,
> Arvind Seshadri wrote:
> > Thanks for the clarification! The way SMI is handled in LinuxBIOS suits my
> > purpose very well. I am working on a project called Pioneer, whose goal is
> > to prevent any malware present on a computer from tampering with code
> > execution (details can be found at
> > http://www.cs.cmu.edu/~arvinds/verifiable_code_exec.html).
> It seems you are simply reimplementing SEBOS in a more complicated way.
> See http://www.missl.cs.umd.edu/sebos.html for details.
More information about the coreboot