Comment by mjg59
4 years ago
Via what mechanisms? Nothing we currently know about Pluton would enable it to do anything like that, as far as I can tell.
4 years ago
Via what mechanisms? Nothing we currently know about Pluton would enable it to do anything like that, as far as I can tell.
not much detail, but slide 12 claims: https://www.platformsecuritysummit.com/2019/speaker/seay/PSE...
> Pluton validates and boots Security Monitor
> Security Monitor validates and boots the Linux Kernel
> Application Signatures are verified by SM and Pluton before Linux Kernel loads an application
This design still relies on prior stages of the boot process handing stuff over to Pluton - if there are vulnerabilities in the OEM firmware, they're still going to be exploitable in this model.