[lowrisc-dev] Hardware Security
166291 at gmail.com
Mon Dec 22 12:15:11 GMT 2014
I'd like to stir up some ideas on hardware security, which could be a
big advantage with verifiable hardware (x-raying, etc).

Hardware isolation is somewhat necessary to achieve software isolation.
Even with a hypervisor, DMA attacks and malicious USB devices can easily
own your entire system. In the memo it vaguely mentions IOMMU technology
which would help here, allowing you to limit peripherals away from
secure data it otherwise shouldn't have access to.

There's also the somewhat unrelated issue of trusted execution. This can
include things like only running signed code, but more importantly only
disclosing secrets when verified code is running. This can help mitigate
evil maid attacks and malicious firmware.

Just food for thought,
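As an added illustration (not part of the original post or of the lowRISC project), here is a toy model of the "only disclose secrets when verified code is running" idea from the message above: each boot stage is measured into a TPM-style register, a secret is sealed to the expected measurement, and an unseal attempt from a tampered boot chain fails because it derives a different key. The firmware strings, the root key and all function names are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed sample boot stages (hypothetical); the second chain has a
# modified bootloader, as an evil maid attack might leave behind.
GOOD_CHAIN = [b"boot-rom v1", b"bootloader v3", b"kernel 3.18"]
TAMPERED_CHAIN = [b"boot-rom v1", b"bootloader v3 + keylogger", b"kernel 3.18"]
ROOT_KEY = b"\x11" * 32  # stands in for a per-device key fused into the chip


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: the register only moves forward, by hashing."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_chain(components) -> bytes:
    """Measure every boot stage, in order, into one 32-byte register."""
    pcr = bytes(32)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-based keystream; enough blocks to cover the secret length."""
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret to a measurement: the key exists only for that PCR value."""
    key = hmac.new(ROOT_KEY, expected_pcr, hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unseal(blob: dict, current_pcr: bytes):
    """Return the secret only if the running code measures as expected."""
    key = hmac.new(ROOT_KEY, current_pcr, hashlib.sha256).digest()
    tag = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # wrong measurement -> wrong key -> nothing is disclosed
    ks = _keystream(key, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))


def demo():
    """Seal to the good chain, then try to unseal from both chains."""
    blob = seal(b"disk-encryption-key", measure_chain(GOOD_CHAIN))
    return unseal(blob, measure_chain(GOOD_CHAIN)), unseal(blob, measure_chain(TAMPERED_CHAIN))
```

Running `demo()` returns the secret for the untampered chain and `None` for the tampered one; the sealed blob itself never reveals which stage changed, only that the current measurement is not the one the secret was bound to.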