zlacker

1. jsnell+(OP)[view] [source] 2023-07-25 14:55:11
The browser doesn't interface directly with any of the hardware, the operating system does. And the integrity of the operating system can be attested to by the hardware via a chain of trust all the way to the secure bootloader.
replies(1): >>sam0x1+Y4
2. sam0x1+Y4[view] [source] 2023-07-25 15:12:47
>>jsnell+(OP)
Yeah, but what's to stop me from spawning a hidden instance of Edge, sending keys etc. to it to get it to visit some page, and using either window sub-classing (to hack its memory space and read the request directly) or a local proxy server to steal the attestation it generates before terminating the request?

Likewise, what's to stop you from patching the operating system directly (ok, secure boot)?

You could also just emulate an entire Windows OS + TPM and have the emulator do it, it sounds like.

Like any scenario where I'm allowed to run arbitrary code within the OS with administrator privileges sounds like you could escape this.

replies(1): >>alex77+v9
3. alex77+v9[view] [source] [discussion] 2023-07-25 15:31:25
>>sam0x1+Y4
> You could also just emulate an entire Windows OS + TPM and have the emulator do it, it sounds like.

Yes, but your emulated TPM is not on the approved list. To impersonate an approved TPM you would need to pull the keys from a real TPM, which requires (probably very expensive) semiconductor lab tools and trashing the chip.

replies(2): >>sam0x1+u11 >>helloj+ds1
4. sam0x1+u11[view] [source] [discussion] 2023-07-25 18:30:51
>>alex77+v9
Such an evil pattern. We need to eliminate this at all costs.

Luckily, I think if Chrome were to move forward with this they'd face extreme anti-trust stuff as a result.

5. helloj+ds1[view] [source] [discussion] 2023-07-25 20:21:33
>>alex77+v9
If you did trash the chip while managing to successfully pull the TPM keys, could you then use that key to sign requests in an unapproved VM or on metal with a different root TPM?