Flicker is a technique leveraging new features of CPUs
from AMD and Intel, including support for dynamic root
of trust, to execute application-specific code with an
extremely small TCB, while maintaining compatibility
with a legacy operating system.
Minimal TCB Code Execution
We propose an architecture that allows a Piece of
Application Logic (PAL) to execute in complete isolation
from other software while trusting only a tiny software
base that is orders of magnitude smaller than even
minimalist virtual machine monitors. Our technique also
enables more meaningful attestation than previous
proposals, since only measurements of the
security-sensitive portions of an application need to be
included. We achieve these guarantees by leveraging
hardware support provided by commodity processors from AMD
and Intel that are shipping today.
Prerequisites
Hardware
To use Flicker, a PC platform supporting dynamic root of trust is
needed. AMD and Intel have implemented this differently. A v1.2 TPM
is also required (and it must be enabled and activated in the BIOS).
The AMD version of Flicker requires a processor supporting the SKINIT
instruction, a v1.2 TPM,
and a chipset which provides memory protection for the Flicker code.
The SKINIT instruction is available with newer AMD64
processors. Look for 'svm' in /proc/cpuinfo. In the BIOS, you must
enable hardware virtualization support.
The Intel version of Flicker requires a processor supporting the
GETSEC[SENTER] instruction, a v1.2 TPM,
and a chipset which provides memory protection for the Flicker code.
These features are available on vPro-branded systems supporting Intel
Trusted eXecution Technology (TXT). Look for
'smx' and 'vmx' in /proc/cpuinfo. In BIOS, you must enable hardware
virtualization support (VT), Trusted eXecution Technology (TXT), and
VT-d. There are known-bad (really bad; you could RUIN YOUR
MOTHERBOARD) BIOSes out there for TXT. Upgrade your BIOS to the
newest available version.
To verify that your system has a v1.2 TPM:
$ modprobe tpm_tis force=1 interrupts=0
$ cat `find /sys -name pcrs`
You should have 24 PCRs listed (0-23). If you have only 16 PCRs
(0-15), then you have a v1.1b TPM, and Flicker won't work.
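The following pre-flight script is an added example, not part of the Flicker release, that automates the two hardware checks above: it looks for the 'svm' (AMD) or 'smx' plus 'vmx' (Intel) flags in a cpuinfo-format file and counts the PCRs in a sysfs `pcrs` dump. It assumes the `PCR-NN: ...` line format the tpm_tis driver uses in sysfs and the `flags` line format of /proc/cpuinfo; the sample cpuinfo and pcrs files it builds are constructed, not captured from real hardware, so the logic can be exercised offline.

```sh
#!/bin/sh
# Added example (not part of the Flicker release): a pre-flight check for the
# hardware prerequisites listed above. It reads CPU flags from a cpuinfo-format
# file and counts PCRs in a sysfs "pcrs" dump, so it can be exercised offline
# on constructed samples and run for real as:
#   sh flicker_check.sh /proc/cpuinfo "$(find /sys -name pcrs | head -n1)"

# Print which dynamic-root-of-trust flavour the CPU flags advertise:
# "amd" if 'svm' is present, "intel" if both 'smx' and 'vmx' are,
# "none" otherwise (with exit status 1).
drtm_vendor() {
    flags=$(awk -F: '/^flags/ { print $2; exit }' "$1")
    has_flag() { printf '%s\n' $flags | grep -qx "$1"; }
    if has_flag svm; then
        echo amd
    elif has_flag smx && has_flag vmx; then
        echo intel
    else
        echo none
        return 1
    fi
}

# Count "PCR-NN: ..." lines. A v1.2 TPM reports 24 (0-23); a v1.1b TPM only 16.
pcr_count() {
    grep -c '^PCR-[0-9][0-9]:' "$1"
}

# Succeed only when the PCR list has the 24 entries of a v1.2 TPM.
tpm_is_v12() {
    [ "$(pcr_count "$1")" -eq 24 ]
}

# Combined verdict: "ok <vendor>" on success, a reason (exit 1) otherwise.
flicker_preflight() {
    vendor=$(drtm_vendor "$1") || { echo "unsupported CPU (no svm, or smx+vmx)"; return 1; }
    tpm_is_v12 "$2" || { echo "TPM is not v1.2 ($(pcr_count "$2") PCRs)"; return 1; }
    echo "ok $vendor"
}

# Constructed sample inputs (not captured from real hardware) in a temp dir.
make_samples() {
    dir=$(mktemp -d)
    printf 'processor\t: 0\nvendor_id\t: GenuineIntel\nflags\t\t: fpu pae sep vmx smx est\n' \
        > "$dir/cpuinfo.intel"
    printf 'processor\t: 0\nvendor_id\t: AuthenticAMD\nflags\t\t: fpu pae sep lm svm\n' \
        > "$dir/cpuinfo.amd"
    printf 'processor\t: 0\nflags\t\t: fpu pae sep\n' > "$dir/cpuinfo.old"
    : > "$dir/pcrs.v12"
    : > "$dir/pcrs.v11b"
    i=0
    while [ "$i" -lt 24 ]; do
        # v1.2 dump: PCR-00 .. PCR-23; v1.1b dump: only PCR-00 .. PCR-15
        printf 'PCR-%02d: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n' "$i" \
            >> "$dir/pcrs.v12"
        [ "$i" -lt 16 ] && printf 'PCR-%02d: 00 00 00 00\n' "$i" >> "$dir/pcrs.v11b"
        i=$((i + 1))
    done
    echo "$dir"
}

# Stand-alone use: check a real (or sample) cpuinfo and pcrs file pair.
if [ "$#" -eq 2 ]; then
    flicker_preflight "$1" "$2"
fi
```

The flag check only tells you the CPU instruction is advertised; it says nothing about whether the BIOS has enabled virtualization (and TXT and VT-d on Intel) or whether the chipset provides the memory protection Flicker needs, so a passing verdict here is necessary but not sufficient.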
Software
You must use a specific Linux kernel. This release supports v2.6.24
on AMD systems, and v2.6.30 on Intel systems. A kernel config file is
included with this release. It is assumed that you know how to build
and install a kernel using that config file. Enabling additional
drivers for, e.g., storage and networking, should not cause a problem.
Intel requires a chipset-specific SINIT (aka Authenticated Code)
module, which can be obtained from the tboot project's web page.
Frequently Asked Questions (FAQ)
- Q: Which Intel systems will support Flicker?
The same ones that support Intel's Trusted Boot project (i.e., systems for which Intel has released SINIT AC Modules). Our early prototype runs on systems that include the Intel Q35 chipset (e.g., the Dell Optiplex 755, Lenovo M57p, and HP dc7800). Newer systems (e.g., those with GM45, PM45, and GS45 chipsets) supporting Intel vPro should also have the necessary hardware support, but the Linux TPM device driver is not yet updated.
- Q: Will Flicker run on my machine?
If it meets the Prerequisites above, Flicker _should_ run. However,
it has only been tested on the machines that we have.
- Q: I don't have a Flicker-capable machine. Can I still develop a Flicker module?
Yes, AMD's SimNow supports the _skinit_ instruction. However, there
will be no TPM support included. In fact, we have encountered
machines in the wild that will execute _skinit_ but do not include a
TPM. These can be useful for developing application-specific
functionality without requiring a reboot during a debug cycle.
- Q: I want to buy a machine to run Flicker. What should I buy?
The AMD version has been tested on:
- Dell PowerEdge T105 server
- Dell Optiplex 740 workstation
- HP dc5750 workstation (runs but buggy; not recommended)
The Intel version has been tested on:
- HP dc7800 workstation
- Dell Optiplex 755 workstation
- Lenovo T400 laptop
- HP 8530p laptop
- Q: Is Flicker bug-free?
Certainly not in this version. However, its extremely small size suggests that a bug-free implementation may be attainable by buggy human beings. :) Known problems include excessive I/O permissions granted to ring 3 PAL code, and excessive memory access permitted by the PAL segment descriptors, both due to the need to access the TPM from ring 3 without system calls.
Revision History
- 2009.10.13. Initial public release of Version 0.2. Adds Intel TXT support and an Intel-specific "hellopal" with printf support.
- 2008.04.15. Initial public release of Version 0.1. Contains Flicker kernel module, barebones PAL with 250-line TCB, and "Hello, world" PAL with debug code. Please send email to Jonathan McCune to request the code.
Papers
McCune, Jonathan M., Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. "Minimal TCB Code Execution (Extended Abstract)." In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, May 2007. [ PDF ]
McCune, Jonathan M., Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. "How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution." In Proceedings of the ACM Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'08), Seattle, Washington, March 1-5, 2008. [ PDF ]
McCune, Jonathan M., Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. "Flicker: An Execution Infrastructure for TCB Minimization." In Proceedings of the ACM European Conference on Computer Systems (EuroSys'08), Glasgow, Scotland, March 31 - April 4, 2008. [ PDF ]
Presentation Slides
IEEE S&P 2007 [ PPT ]
ASPLOS 2008 [ PPT ]
EuroSys 2008 [ PPT ]
Extended version [ PPT ]
Source Code
Version 0.2 [ please email Jon ]