Print

Print


Its too bad I am not in Gainesville anymore.  It seems like there are some 
good activities going on.  Anyway, since we have such renowned security 
expert(s) ;-) on the list I would like to pose a question.  There has been 
much talk of lower level rootkits like the Blue Pill that subvert the kernel 
using virtualization and ones that hide in the motherboard BIOS or 
peripheral BIOS.  How can one be sure that nothing sneaks in the boot phase 
before control is handed to the OS?  I have read about secure booting that 
uses a mostly encrypted, custom BIOS to compare hashes of the peripheral 
firmware and HDD boot sectors (e.g., 
http://www.cs.umd.edu/~waa/pubs/oakland97.pdf).  I am thinking a TPM would 
also be a viable solution?