[no subject]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If the TVM does the encryption with the CPU then we don't really need to
attest the storage or PCI at all, bounce the encrypted data into
untrusted memory and then CPU copy it while crypting it. This
minimizes the amount of stuff you have to trust.

If the TVM would like to have the storage device do the encryption
with something like OPAL then:
 - Attest and trust the PCI function, this lets you load the HBA driver
 - Attest and trust the "media"
 - Use the media attestation to load an encrypted copy of the media
   key from the secure keyserver into the drive

The split view of "media" and PCI function seems appropriate. The
keyserver should only release keys to media that has the correct
attested ID, while a controller may have many different media attached
to it.

Attesting the controller is probably not enough to release the keys?

Jason




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux