A nightmare scenario is malware managing to store secrets hidden away from the user in a persistent manner, so wiping the hard disk won't get rid of it. One way to do this is to smuggle it into flash storage on the motherboard chipset, storage reserved for firmware code.
“Imagine I have malware which might only be stealing my disk encryption key,” said Rutkowska, “and it can store it somewhere on the disk or on SPI Flash, or maybe on the Wi-Fi firmware, or maybe on the embedded controller firmware.”
If this were to happen, an attacker who seized the machine could instruct the hidden malware to unlock the computer and give up the swiped key to decrypt the data. “Game is over,” said Rutkowska.
There is a means of changing that game, however: a stateless laptop.
Rutkowska explained
the core thesis of her December paper was to make it a requirement for laptop hardware to be stateless; that is, lacking any persistent storage: "This includes it having no firmware-carrying flash memory chips. All the state is to be kept on an external, trusted device. This trusted device is envisioned to be of a small USB stick or SD card form factor."
This external device was dubbed “trusted stick” by Rutkowska, “for lack of a more sexy name.” It is where the firmware, platform configurations, and the system and user partitions would be held in “a simple FPGA implemented device."
As such, said Rutkowska, “even if malware found a weakness in the chipset, allowing it to reflash the BIOS — and we have seen plenty of such attacks in recent years — it would not be able to succeed.”
However, Rutkowska's December paper noted it was unclear if Intel ME “would be happy when being put into an environment where the SPI flash it gets access to is externally forced to be read-only.”
This clean separation of state-carrying vs. stateless silicon is, however, only one of the requirements, itself not enough to address many of the problems discussed in the [October paper]. There are a number of additional requirements: for the endpoint (laptop) hardware, for the trusted “stick”, and for the host OS.
Rutkowska said the creation of a stateless laptop might not even be that difficult. The most simple implementation, as displayed above, simply removes the SPI Flash and places it on the trusted stick, alongside removing the disk,
and ensuring the discrete devices are using one-time programmable memory instead of flash. More complicated versions were suggested, which Reg readers may find in the recording of the talk.