Jussi Laako jussi.laako at linux.intel.com
Thu Apr 10 11:44:32 GMT 2014

On 10.4.2014 14:25, Jussi Laako wrote:
> If we like, we can make a separate external trusted hardware where
> passwords are input and directly transferred to the gSSO storage without
> ever involving display server. This at least prevents display server

I think I can fairly easily modify the HID input layer for secure input 
in such a way that there is a special secure device node that cannot be 
accessed by the display server, only by gSSO, and it would be able to 
redirect all input from normal HID to the special device on request. 
Thus the display server wouldn't be able to see the input (its HID devices 
would just go silent for that period).

I could also make a "launch PayPal app" hardware button that is 
accessible only to a hypervisor layer below the Linux kernel. Or the button 
could be hardwired to a separate co-processor having override access to 
display hardware and this co-processor would run the PayPal app. Normal 
data lines between APE and display would go to Z mode when the 
co-processor is activated. Pretty easy to implement with FPGA actually.

But check out the pinentry source code, it has some basic 
anti-eavesdropping features. Although I love the topic of secure 
display/input mode.
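
An added example, not part of the original message and not gSSO code: the stock Linux evdev `EVIOCGRAB` ioctl already gives the "other readers go silent" effect for one device while a trusted process holds it, which approximates the redirect described above without the proposed HID-layer change. The function names and the choice of device node are assumptions; who may open the node is still decided by its file permissions.

```c
/* Added example: exclusive evdev grab (function names are hypothetical). */
#include <fcntl.h>
#include <linux/input.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Open an evdev node and grab it; while held, only this fd gets its events. */
int secure_input_begin(const char *node)
{
    int fd = open(node, O_RDONLY);
    if (fd < 0) return -1;
    if (ioctl(fd, EVIOCGRAB, 1) < 0) {   /* fail closed: no grab, no input */
        close(fd);
        return -1;
    }
    return fd;
}

/* Release the grab and close the node; normal delivery resumes. */
int secure_input_end(int fd)
{
    int rc = ioctl(fd, EVIOCGRAB, 0);
    close(fd);
    return rc;
}

/* Count key presses seen before Enter; -1 if the stream ends first. */
int count_keys_until_enter(int fd)
{
    struct input_event ev;
    int n = 0;
    while (read(fd, &ev, sizeof ev) == (ssize_t)sizeof ev) {
        if (ev.type != EV_KEY || ev.value != 1)
            continue;                    /* ignore releases, repeats, syncs */
        if (ev.code == KEY_ENTER)
            return n;
        n++;
    }
    return -1;
}

int main(int argc, char **argv)
{
    int fd = argc == 2 ? secure_input_begin(argv[1]) : -1;
    if (fd < 0) { fprintf(stderr, "usage: prog /dev/input/eventN\n"); return 1; }
    printf("%d key presses read under exclusive grab\n", count_keys_until_enter(fd));
    return secure_input_end(fd) < 0;
}
```

The grab is per device node, so every keyboard node has to be grabbed, and a process that can open the node can take the grab first; restricting the node's permissions to the trusted service is what closes that gap.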

