Carsten Haitzler (The Rasterman)
tizen at rasterman.com
Thu Apr 10 12:20:05 GMT 2014
On Thu, 10 Apr 2014 14:44:32 +0300 Jussi Laako <jussi.laako at linux.intel.com>
> On 10.4.2014 14:25, Jussi Laako wrote:
> > If we like, we can make a separate external trusted hardware where
> > passwords are input and directly transferred to the gSSO storage without
> > ever involving display server. This at least prevents display server
> I think I can fairly easily modify the HID input layer for secure input
> in such a way that there is a special secure device node that cannot be
> accessed by display server, only by gSSO and it would be able to
> redirect all input from normal HID to the special device on request.
> Thus display server wouldn't be able to see the input (its HID devices
> would just go silent for that period).

and what do you do when kernel is malicious (compromised)? :) or hypervisor?
again - you have to trust at some point. my point here is the display server is
an element of a trusted system. and to the original topic - if a user can do
it, it has access too.

> I could also make a "launch PayPal app" hardware button that is
> accessible only to a hypervisor layer below Linux kernel. Or button
> could be hardwired to a separate co-processor having override access to
> display hardware and this co-processor would run the PayPal app. Normal
> data lines between APE and display would go to Z mode when the
> co-processor is activated. Pretty easy to implement with FPGA actually.
> But check out pinentry source codes, it has some basic
> anti-eavesdropping features. Although I love topic of secure
> display/input mode.
Carsten Haitzler (The Rasterman) <tizen at rasterman.com>