New hacking-proof processor

Robert Stratton bob at
Thu Apr 16 18:32:42 CDT 2009

It remains to be seen how things that require the "trusted fab" will  
scale commercially.. but.. if you haven't looked at the newest version  
of the Trusted Platform Module technology, it's a good time to take a  
new look.

The previously unwieldy Static Root of Trust for Measurement is now  
augmented by the Dynamic Root of Trust for Measurement, and a new CPU  
instruction, SKINIT or SENTER (depending on whether you're talking  
about AMD or Intel). The Nehalem processors (like the Core i7) will  
let you dynamically invoke a fenced-off processing environment which  
will allow you to do things like perform attestation on arbitrary  
blocks of code in an environment with restricted DMA and register use,  
then hop back-and-forth into your normal dirty OS, or store your keys  
in a place that the rest of  the machine can't touch.

There's some hit but unlike the original SRTM functionality, you don't  
necessarily have to do boot-time attestation on every single piece of  
code from your bootstrap up through the whole OS.

There's a lot one can do with that.


More information about the Tacos mailing list