undefined | Better HN

0 pointsmjg594y ago0 comments

Via what mechanisms? Nothing we currently know about Pluton would enable it to do anything like that, as far as I can tell.

0 comments

2 comments · 1 top-level

transpute4y ago· 1 in thread

not much detail, but slide 12 claims: https://www.platformsecuritysummit.com/2019/speaker/seay/PSE...

> Pluton validates and boots Security Monitor

> Security Monitor validates and boots the Linux Kernel

> Application Signatures are verified by SM and Pluton before Linux Kernel loads an application

mjg59OP4y ago

This design still relies on prior stages of the boot process handing stuff over to Pluton - if there are vulnerabilities in the OEM firmware, they're still going to be exploitable in this model.

j / k navigate · click thread line to collapse