My annual plea for a thing: I want a type 1 hypervisor that just has a small isolated VM and then passes through the rest of the hardware to the main VM which runs Linux. The small VM is intended to be used to run small pieces of code that the main OS should not be able to interfere with. Does such a thing exist? (Think Xen, but with a Dom0 that can't see into DomUs)

@mjg59 To be sure I understand, you want a small VM and a big VM. The big VM gets all the hardware minus what’s needed to run the hypervisor and the small VM. Communications between the big VM and the small VM are strictly controlled in both directions such that neither can interfere with the other.

What sort of thing are you trying to do with this small VM?

This sounds kind of like what a TPM is for, or maybe a BMC/SMC/LOM.

@bob_zim Manage secrets in ways that the TPM can't (e.g., the TPM can't establish a secure communications channel with a biometric reader)

@mjg59 So the small VM would own the physical link to the biometric reader, then provide its own attestation about the biometric reader’s attestation it was presented an authentic biometric?

Hmm. I’m not sure I know of a way to do that in software. Decent biometric readers should already use asymmetric keys, though. It should be possible to get a secure element like a TPM or smart card to only unlock a stored key when presented with a valid signature from the reader’s private key.

@bob_zim No need for a physical link (e.g., TLS is secure without you having to trust the physical link; modern biometric devices implement equivalent functionality). It is not possible to use a TPM in this way given the hardware that exists.

@bob_zim @mjg59 This is in fact how Apple does it. The Secure Enclave doesn't have a physical link to the fingerprint sensor. The kernel in the main OS, running in the main CPU, has to actively forward data between the SEP and the sensor, but it's encrypted and the OS can't know what the data is.
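
The forwarding arrangement described in the reply above, as an added Go example that is not from this thread or from Apple's implementation: the reader signs its match result with a pinned Ed25519 identity key and seals it under a pre-provisioned AES-GCM pairing key, the main-OS kernel relays bytes it cannot read or alter undetected, and the enclave releases a stored secret only after both checks pass. The pairing key, the `match:` payload and all function names are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Constructed pairing key, assumed to be provisioned into both reader and enclave at manufacture.
var pairingKey = []byte("constructed-32-byte-pairing-key!")
func pairingAEAD() cipher.AEAD {
	block, _ := aes.NewCipher(pairingKey) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
// ReaderSend runs on the sensor: sign the match result, then seal sig||payload. Output is nonce||ciphertext.
func ReaderSend(readerPriv ed25519.PrivateKey, payload []byte) ([]byte, error) {
	gcm := pairingAEAD()
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	msg := append(ed25519.Sign(readerPriv, payload), payload...)
	return gcm.Seal(nonce, nonce, msg, nil), nil
}
// KernelRelay is the untrusted main-OS forwarder: it can copy or corrupt the bytes, but sees only ciphertext.
func KernelRelay(frame []byte, tamper bool) []byte {
	out := append([]byte(nil), frame...)
	if tamper {
		out[len(out)-1] ^= 0x01 // flip one ciphertext bit
	}
	return out
}
// EnclaveReceive runs in the isolated VM / SEP: open the frame, verify the pinned reader key, then release the secret.
func EnclaveReceive(readerPub ed25519.PublicKey, frame, storedSecret []byte) ([]byte, error) {
	gcm := pairingAEAD()
	if len(frame) < gcm.NonceSize() {
		return nil, errors.New("frame too short")
	}
	msg, err := gcm.Open(nil, frame[:gcm.NonceSize()], frame[gcm.NonceSize():], nil)
	if err != nil {
		return nil, errors.New("frame corrupted or forged in transit")
	}
	if len(msg) < ed25519.SignatureSize || !ed25519.Verify(readerPub, msg[ed25519.SignatureSize:], msg[:ed25519.SignatureSize]) {
		return nil, errors.New("attestation not from the paired reader")
	}
	return storedSecret, nil
}
```

A random nonce stops the relay from reading or modifying a frame but not from replaying an old one; a deployable design also binds each frame to an enclave-issued challenge or a monotonic counter.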

@nicolas17 @mjg59 Exactly. I know Touch ID and Face ID work like that, and I know at least some root-of-trust devices from other vendors allow the same style of operation. I can’t recall the specifics because I don’t often deal with such devices.

A smart card could definitely do it, what with the ability to run Java applets directly on the secure element. You would “just” need to find or create an applet to take the biometric reader’s attestation, verify the signature, and unlock the relevant key.