[lowrisc-dev] Hardware Security

Alex Bradbury asb at asbradbury.org
Mon Dec 22 16:34:53 GMT 2014


On 22 December 2014 at 12:15, Jookia <166291 at gmail.com> wrote:
> Hello!
>
> I'd like to stir up some ideas on hardware security, which could be a big
> advantage with verifiable hardware (x-raying, etc).
>
> Hardware isolation is somewhat necessary to achieve software isolation. Even
> with a hypervisor, DMA attacks and malicious USB devices can easily own your
> entire system. In the memo it vaguely mentions IOMMU technology which would
> help here, allowing you to limit peripherals away from secure data it
> otherwise shouldn't have access to.
>
> There's also the somewhat unrelated issue of trusted execution. This can
> include things like only running signed code, but more importantly only
> disclosing secrets when verified code is running. This can help mitigate
> evil maid attacks and malicious firmware.

Thanks for the message, Jookia. This is an area we had some really
useful feedback on from people reading earlier drafts. e.g. bunnie
suggested it could be valuable to carve out a small amount of memory
for every minion which can't be remapped or shared in the IOMMU (this
is hinted at in the memo, but perhaps it's not clear this wouldn't
just be done via the IOMMU).

Alex
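As an added illustration (not code from this thread, from lowRISC, or from the memo it discusses), here is a small C model of the carve-out idea above: an IOMMU that refuses to install any device window onto a minion's reserved memory, so peripheral DMA can never be steered into it. The base address, carve-out size and minion count are assumed placeholders, not values from the memo.

```c
/* Constructed model: IOMMU windows plus fixed per-minion carve-outs. */
#include <stdint.h>
#include <string.h>

#define NUM_MINIONS      4
#define MINION_RSV_BASE  0x80000000ull  /* assumed: start of the carve-out area */
#define MINION_RSV_SIZE  0x00010000ull  /* assumed: 64 KiB per minion, fixed in hardware */
#define MAX_WINDOWS      8

/* One IOMMU window: device-visible [iova, iova+len) maps to physical pa. */
struct window { int dev; uint64_t iova, pa, len; };
static struct window tbl[MAX_WINDOWS];
static int nwin;

static int overlaps(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen) {
    return a < b + blen && b < a + alen;
}

/* Nonzero if [pa, pa+len) touches any minion's reserved memory. */
int in_minion_carveout(uint64_t pa, uint64_t len) {
    for (int i = 0; i < NUM_MINIONS; i++)
        if (overlaps(pa, len, MINION_RSV_BASE + i * MINION_RSV_SIZE, MINION_RSV_SIZE))
            return 1;
    return 0;
}

/* Install a mapping. Returns 0, or -1 if it would expose a carve-out (or the table is full). */
int iommu_map(int dev, uint64_t iova, uint64_t pa, uint64_t len) {
    if (len == 0 || nwin == MAX_WINDOWS || in_minion_carveout(pa, len))
        return -1;
    tbl[nwin++] = (struct window){ dev, iova, pa, len };
    return 0;
}

/* Translate a DMA request of len bytes at iova. Returns the physical address,
 * or -1 (request blocked) when no window of this device fully covers it. */
int64_t iommu_translate(int dev, uint64_t iova, uint64_t len) {
    for (int i = 0; i < nwin; i++) {
        struct window *w = &tbl[i];
        if (w->dev == dev && iova >= w->iova && len <= w->len &&
            iova - w->iova <= w->len - len)
            return (int64_t)(w->pa + (iova - w->iova));
    }
    return -1;
}

/* Clear all windows (used to start each scenario from a known state). */
void iommu_reset(void) { nwin = 0; memset(tbl, 0, sizeof tbl); }
```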



More information about the lowrisc-dev mailing list