Comments by "Edward Cullen" (@edwardcullen1739) on "Louis Rossmann"
channel.
-
1
-
1
-
@jerrylove865 Dude, YOU'RE the one who asked for a circuit diagram! You refuse to engage with what I say and are surprised when I call you disingenuous?
I'm only responding at your level.
I'll say it again, even though you refuse to let it sink in: WHERE the cryptographic verification takes place IS important.
This is basic, basic stuff.
You are proposing that the main board handle verification and then send a signal to the CPU that everything is okay.
This is literally like someone saying they've cleaned the pans so you can start cooking, then you starting to cook without making sure. The pans could be clean, but they might not and whether you notice may be pure luck.
With verification happening on the CPU, this is the equivalent of you checking all the pans are clean and refusing to cook if they're not.
Or put another way: would you trust a site that claimed everything was kosher, without verifying the server certificate?
I went back over your previous arguments, which I have already addressed, but you ignored: this feature can be "defeated" by replacing the CPU, yes, but the fact that the CPU has been replaced is *detectable*, because the vendor keeps a bill of materials of everything that went into the machine, including serial numbers.
The point about memory encryption, which you clearly failed to grasp, is that the verification process either checks then loads into RAM or loads into RAM and then checks. The point here is that this is done by being passed through the memory encryption, so there's "no way" an attacker could use a timing attack to subvert the BIOS image once it's loaded into RAM.
Again, I don't know what more to say. There isn't just one feature that provides "vendor locking"; there are a suit of features, all added AT THE SAME TIME and when one looks at what they do, it's trivial for even someone like me (who hasn't worked in hardware security for over 5 years) to see how they are complementary and interconnected. This is why I raised full-memory encryption.
As to the final paragraph in my previous: as you had already, disingenuously, asked me to produce a circuit diagram, I knew that you would ask me to provide an answer to how I would defeat your hypothetical board-based verification, which we both know would be literally like asking me to tell you how long the imaginary piece of string you're holding is.
Finally, I just wanted to check if you knew who Luke Jennings was. If you knew, then you might have something to say, but you clearly didn't, which proves what I suspected by your words: you don't have anything above a very basic level of understanding of security at either the hardware or software level, let alone how they impact each other.
Stick to YouTube. Taking your "argument" to serious security researchers would get you laughed out of the room.
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1
-
1