If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
CPUs have not only massively grown in complexity in the last years, they have unfortunately also spawned a slew of proprietary vendor subsystems that execute unauditable code beyond our control (TrustZone, Intel ME etc.).
There are some projects attempting to mitigate this issue somewhat by running less unauditable code (Coreboot, Novena etc.), but in the long run even using those we are still at the whims of some very large corporations which can decide whether or not we still have control over the systems we own.
In this talk, I propose an alternative approach to regain privacy and security on our systems. Instead of trying to fix our CPUs by reverse-engineering large amounts of proprietary blobbiness, I propose we move as much sensitive data as possible out of these compromised systems.
In practice, the architecture I propose places a trusted interposer into the compromised system's display bus (LVDS, (e)DP or HDMI) that receives in-band control data containing intact ciphertext (read: PGP/OTR encoded into specially formatted RGB pixel data) and that transparently decrypts, verifies and renders the decrypted data into the pixel data stream.
The resulting system looks almost identical from a user-interface perspective, but guarantees plaintext message data is never handled on the compromised host CPU while all the juicy computational power and fancy visual effects that one provides remain intact.
I will outline the implementation problem areas of this approach and some possible solutions for them. I will also provide an analysis of this system from a privacy and security perspective.