[Dev] Cynara

Carsten Haitzler (The Rasterman) tizen at rasterman.com
Thu Apr 10 12:20:05 GMT 2014


On Thu, 10 Apr 2014 14:44:32 +0300 Jussi Laako <jussi.laako at linux.intel.com>
said:

> On 10.4.2014 14:25, Jussi Laako wrote:
> > If we like, we can make a separate external trusted hardware where
> > passwords are input and directly transferred to the gSSO storage without
> > ever involving display server. This at least prevents display server
> 
> I think I can fairly easily modify the HID input layer for secure input
> in such a way that there is a special secure device node that cannot be
> accessed by display server, only by gSSO and it would be able to
> redirect all input from normal HID to the special device on request.
> Thus display server wouldn't be able to see the input (its HID devices
> would just go silent for that period).

and what do you do when kernel is malicious (compromised) ? :) or hypervisor?
again - you have to trust at some point. my point here is the display server is
an element of a trusted system. and to the original topic - if a user can do
it, it has access too.

> I could also make a "launch PayPal app" hardware button that is 
> accessible only to a hypervisor layer below Linux kernel. Or button 
> could be hardwired to a separate co-processor having override access to 
> display hardware and this co-processor would run the PayPal app. Normal 
> data lines between APE and display would go to Z mode when the 
> co-processor is activated. Pretty easy to implement with FPGA actually.
> 
> But check out pinentry source code, it has some basic
> anti-eavesdropping features. Although I love the topic of secure
> display/input mode.
> 


-- 
Carsten Haitzler (The Rasterman) <tizen at rasterman.com>

