[lowrisc-dev] Hardware Security

Jookia 166291 at gmail.com
Mon Dec 22 12:15:11 GMT 2014


I'd like to stir up some ideas on hardware security, which could be a 
big advantage with verifiable hardware (x-raying, etc).

Hardware isolation is somewhat necessary to achieve software isolation. 
Even with a hypervisor, DMA attacks and malicious USB devices can easily 
own your entire system. The memo vaguely mentions IOMMU technology, 
which would help here, allowing you to limit peripherals away from 
secure data they otherwise shouldn't have access to.

There's also the somewhat unrelated issue of trusted execution. This can 
include things like only running signed code, but more importantly only 
disclosing secrets when verified code is running. This can help mitigate 
evil maid attacks and malicious firmware.

Just food for thought,
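The "only disclose secrets when verified code is running" idea above is what measured boot plus sealing gives you: each boot stage is hashed into a register before it runs, and a secret is bound to the expected register value, so a changed bootloader or firmware image yields a different measurement and the secret simply cannot be unsealed. The following is an added illustration, not code from this post or from the lowRISC project. It simulates a TPM-style PCR extend chain in plain Python; the `ROOT_SECRET`, the boot-component bytes and the secret are constructed sample values, and the XOR-keystream-plus-HMAC sealing is a stand-in for the AEAD a real implementation would use.

```python
import hashlib
import hmac

# Constructed sample values for the demonstration only.
ROOT_SECRET = b"device-unique-root-secret-(constructed)"
GOOD_CHAIN = [b"boot-rom v1", b"bootloader v2", b"kernel v3"]
SECRET = b"disk-encryption-key-(constructed)"


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new_pcr = SHA256(old_pcr || SHA256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Run the measurement chain from an all-zero register; order matters."""
    pcr = bytes(32)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def derive_key(root_secret: bytes, pcr: bytes) -> bytes:
    """Sealing key bound to both the device root secret and the measurement."""
    return hmac.new(root_secret, b"seal-key|" + pcr, hashlib.sha256).digest()


def keystream(key: bytes, length: bytes) -> bytes:
    """HMAC counter-mode keystream (stand-in for a real AEAD cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(root_secret: bytes, expected_pcr: bytes, secret: bytes) -> bytes:
    """Encrypt and authenticate the secret under the key for expected_pcr."""
    key = derive_key(root_secret, expected_pcr)
    ciphertext = bytes(a ^ b for a, b in zip(secret, keystream(key, len(secret))))
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def unseal(root_secret: bytes, current_pcr: bytes, blob: bytes):
    """Return the secret only if the current measurement matches the sealed one."""
    ciphertext, tag = blob[:-32], blob[-32:]
    key = derive_key(root_secret, current_pcr)
    expected_tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None  # wrong measurement -> wrong key -> refuse to disclose
    return bytes(a ^ b for a, b in zip(ciphertext, keystream(key, len(ciphertext))))


def demo():
    """Seal under the good chain, then try unsealing under good and tampered boots."""
    good_pcr = measure_boot(GOOD_CHAIN)
    blob = seal(ROOT_SECRET, good_pcr, SECRET)
    # Evil-maid style swap of the bootloader changes every later measurement.
    tampered_pcr = measure_boot([b"boot-rom v1", b"bootloader-evil", b"kernel v3"])
    return unseal(ROOT_SECRET, good_pcr, blob), unseal(ROOT_SECRET, tampered_pcr, blob)


if __name__ == "__main__":
    ok, bad = demo()
    print("verified boot unseals:", ok == SECRET)
    print("tampered boot unseals:", bad is not None)
```

The property to notice is that the verification is not a policy check that malicious firmware could skip: the secret is cryptographically unreachable without the right measurement, which is why a hardware root of trust that the software cannot rewrite is needed to hold `ROOT_SECRET` and the register.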
