On Tue, Jul 23, 2013 at 04:28:23PM -0400, Tarl Neustaedter wrote:
The problem of secure execution is fairly well understood. Google "Verified Boot" or "Trusted Boot". The implementations that take it seriously do verification of their PROM, sign it, and the hardware won't let you start unless the PROM is good. Then the PROM verifies the signature of each component as it's brought in (I was recently involved in implementing public key verification for such).
It doesn't guarantee bug-free code, but it verifies that the code you are running is what you think it is.
And the PROM is inside the CPU so you can't swap it in some cases, perhaps even encrypted.
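The chain described above (a key fixed in hardware checks the PROM, and the verified PROM then checks each component it brings in) as an added Go example, not code from this thread or from any particular product; the convention that the first 32 bytes of each image carry the public key trusted for the next stage is an assumption made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Stage is one boot component; by this example's convention the first 32 bytes of Image
// are the public key trusted for the next stage.
type Stage struct {
	Name  string
	Image []byte
	Sig   []byte // Ed25519 signature over Image, made with the key the previous stage trusts
}
// BuildStage embeds nextPub (nil for the last stage) before payload, then signs the image.
func BuildStage(name string, signer ed25519.PrivateKey, nextPub ed25519.PublicKey, payload []byte) Stage {
	img := append(append([]byte{}, nextPub...), payload...)
	return Stage{Name: name, Image: img, Sig: ed25519.Sign(signer, img)}
}
// VerifyChain is the hardware-anchored check: rootPub (fixed in silicon) verifies the PROM, and
// each accepted stage supplies the key for the next. Returns accepted-stage count and the name
// of the first failing stage ("" when all verified); a real system halts boot there.
func VerifyChain(rootPub ed25519.PublicKey, chain []Stage) (int, string) {
	trusted := rootPub
	for i, st := range chain {
		if len(trusted) != ed25519.PublicKeySize || !ed25519.Verify(trusted, st.Image, st.Sig) {
			return i, st.Name
		}
		if len(st.Image) >= ed25519.PublicKeySize {
			trusted = ed25519.PublicKey(st.Image[:ed25519.PublicKeySize])
		}
	}
	return len(chain), ""
}
// DemoChain builds root -> PROM -> bootloader -> kernel, verifies it intact, then flips one
// byte of the bootloader image (constructed tampering) and checks where boot halts.
func DemoChain() (intactOK int, tamperHaltsAt string) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	promPub, promPriv, _ := ed25519.GenerateKey(rand.Reader)
	blPub, blPriv, _ := ed25519.GenerateKey(rand.Reader)
	chain := []Stage{
		BuildStage("PROM", rootPriv, promPub, []byte("prom code")),
		BuildStage("bootloader", promPriv, blPub, []byte("loader code")),
		BuildStage("kernel", blPriv, nil, []byte("kernel code")),
	}
	intactOK, _ = VerifyChain(rootPub, chain)
	chain[1].Image[len(chain[1].Image)-1] ^= 0x01
	_, tamperHaltsAt = VerifyChain(rootPub, chain)
	return
}
```

Tampering with a later stage leaves the earlier ones accepted, while a root key that does not match the PROM signature stops the boot at stage zero, which is exactly the property the hardware-held key provides.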