zlacker

[parent] [thread] 3 comments
1. transp+(OP)[view] [source] 2022-01-09 04:03:46
Pluton will likely close OEM/firmware security holes that could be used to escape such policy.
replies(1): >>mjg59+x2
2. mjg59+x2[view] [source] 2022-01-09 04:28:08
>>transp+(OP)
Via what mechanisms? Nothing we currently know about Pluton would enable it to do anything like that, as far as I can tell.
replies(1): >>transp+k5
◧◩
3. transp+k5[view] [source] [discussion] 2022-01-09 04:53:36
>>mjg59+x2
not much detail, but slide 12 claims: https://www.platformsecuritysummit.com/2019/speaker/seay/PSE...

> Pluton validates and boots Security Monitor

> Security Monitor validates and boots the Linux Kernel

> Application Signatures are verified by SM and Pluton before Linux Kernel loads an application

replies(1): >>mjg59+w6
◧◩◪
4. mjg59+w6[view] [source] [discussion] 2022-01-09 05:04:38
>>transp+k5
This design still relies on prior stages of the boot process handing stuff over to Pluton - if there are vulnerabilities in the OEM firmware, they're still going to be exploitable in this model.
[go to top]