jussi.laako at linux.intel.com
Thu Apr 10 11:44:32 GMT 2014
On 10.4.2014 14:25, Jussi Laako wrote:
> If we like, we can make a separate external trusted hardware where
> passwords are input and directly transferred to the gSSO storage without
> ever involving display server. This at least prevents display server
I think I can fairly easily modify the HID input layer for secure input
in such a way that there is a special secure device node that cannot be
accessed by the display server, only by gSSO, and it would be able to
redirect all input from normal HID to the special device on request.
Thus the display server wouldn't be able to see the input (its HID devices
would just go silent for that period).
I could also make a "launch PayPal app" hardware button that is
accessible only to a hypervisor layer below Linux kernel. Or button
could be hardwired to a separate co-processor having override access to
display hardware and this co-processor would run the PayPal app. Normal
data lines between APE and display would go to Z mode when the
co-processor is activated. Pretty easy to implement with FPGA actually.
But check out the pinentry source code; it has some basic
anti-eavesdropping features. Although I love topic of secure