trod123
2 days ago
This has been asked a few times now.
The structure would most likely need to be a hardened microkernel, similar to seL4, and would necessarily need to mask every unique piece of information that comes from the hardware in a generic way that prevents or dramatically impacts fingerprinting in a non-deterministic way.
To do anything programmatically in a resilient way you need to uniquely identify what you are working with first.
Also, in practice, there can be no secure OS so long as there is no control over the hardware. Existing consumer equipment would need significant redesign at the hardware/signal domain level.
Firmware malware is becoming more common, almost ubiquitous, and frightening with the applications it allows, thanks in large part to existing companies creating backdoors. As all companies build this functionality in, and there is very little benefit to them in the short or long term to do so, it's reasonable to assume it's by some secret order. Free-market companies don't generally spend money on features that target only a small portion of their customers when it also creates liabilities that can balloon.
Application wise, here is a thought experiment for you:
How hard would it really be to silently upload software to a target running in an SMM context (Ring -2) that scans or hooks memory looking for high-entropy strings of common fixed widths (i.e., a Rabin-Karp search) and, when entropy is above a threshold, saves those into the service sector of the attached hard drive in a cache-like structure?
While a bit rhetorical, what would the consequences be for this? Would encryption keys stored in memory persist and float to the top for remote or physical querying? Is there anything you can do about that without access control to SMM? Is there any software instrumentation that lets you have visibility on something like that?
The general, obvious answers are: yes, it's likely, to the first, and no to the rest.
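The scan in the thought experiment above, as an added example that is not part of the original comment. It is written in Python as a stand-in for what an implant would do in native code: slide fixed-width windows (16 and 32 bytes, the AES-128/256 key sizes, an assumption here) across a memory image, roll a byte histogram along with the window, and record every window whose Shannon entropy is within a small slack of the maximum for that width. The "memory image" is constructed inline (HTTP text, zero pages, a printable token, and two placeholder keys made from affine byte sequences so the run is deterministic); the 0.2-bit slack and the 75% printable-text filter are parameters chosen for the example, not values from the comment.

```python
import math
from collections import Counter

# Widths to scan: AES-128 and AES-256 key lengths (assumption for this example).
KEY_WIDTHS = (16, 32)
# Accept a window if its entropy is within this many bits of the maximum
# possible for that width, which is log2(width) for widths <= 256.
SLACK_BITS = 0.2
# Windows with at least this fraction of printable bytes are treated as text
# (strings, base64, hex) and demoted, because they trip a pure entropy test.
TEXT_FRACTION = 0.75


def shannon_bits(counts, n):
    """Shannon entropy in bits per byte for a byte histogram over n bytes."""
    return -sum((c / n) * math.log2(c / n) for c in counts.values() if c)


def entropy_of(window):
    """Entropy of a whole byte string (used for the caveats in the test)."""
    return shannon_bits(Counter(window), len(window))


def looks_like_text(window):
    """Heuristic text filter: share of printable ASCII / whitespace bytes."""
    printable = sum(1 for b in window if 0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D))
    return printable >= TEXT_FRACTION * len(window)


def scan(image, width, slack_bits=SLACK_BITS, drop_text=True):
    """Return runs of adjacent high-entropy windows as (start, end, peak_bits).

    Offsets are window start offsets. A key at offset K shows up as a short
    run around K, because windows overlapping most of the key also score high.
    The histogram is rolled one byte at a time (decrement the byte leaving,
    increment the byte entering) instead of recounting every window.
    """
    if len(image) < width:
        return []
    limit = math.log2(width) - slack_bits
    counts = Counter(image[:width])
    runs, cur = [], None
    for off in range(len(image) - width + 1):
        if off:
            counts[image[off - 1]] -= 1
            counts[image[off + width - 1]] += 1
        bits = shannon_bits(counts, width)
        if bits < limit:
            continue
        if drop_text and looks_like_text(image[off:off + width]):
            continue
        if cur is not None and cur[1] == off - 1:
            cur[1], cur[2] = off, max(cur[2], bits)   # extend the current run
        else:
            cur = [off, off, bits]                     # start a new run
            runs.append(cur)
    return [tuple(r) for r in runs]


def build_fake_image():
    """Constructed sample 'memory' (not a real dump): HTTP text, zero pages,
    a printable session token, and two placeholder keys at known offsets.
    The keys are affine sequences mod 256 with all-distinct bytes, chosen so
    the example is deterministic; they are not real keys."""
    http = (b"GET /login HTTP/1.1\r\nHost: example.invalid\r\n"
            b"Cookie: session=abc123\r\n\r\n") * 4
    zeros = bytes(256)
    token = b"token=AbCdEfGhIjKlMnOpQrStUvWxYz0123456789"
    key16 = bytes((i * 181 + 7) & 0xFF for i in range(16))
    key32 = bytes((i * 73 + 42) & 0xFF for i in range(32))
    layout = [("http", http), ("zeros", zeros), ("key16", key16), ("zeros", zeros),
              ("token", token), ("zeros", zeros), ("key32", key32), ("zeros", zeros),
              ("http", http)]
    image, offsets = b"", {}
    for name, blob in layout:
        if name.startswith("key"):
            offsets[name] = len(image)
        image += blob
    return image, offsets


if __name__ == "__main__":
    image, offsets = build_fake_image()
    print("planted:", offsets)
    for width in KEY_WIDTHS:
        print(f"width {width}: raw hits      {scan(image, width, drop_text=False)}")
        print(f"width {width}: text-filtered {scan(image, width)}")
```

Run it and both planted keys come out as runs, with the 16-byte scan also lighting up inside the 32-byte key. Two caveats worth keeping in mind when reading the results: without the text filter, ordinary HTTP strings and the base64-looking token also clear the threshold, which is why a real implant would keep a candidate cache rather than a single answer; and entropy alone cannot tell a key from a counter (`bytes(range(16))` scores the full 4 bits) or a compressed block, which is why the cold-boot key finders add a structural check such as verifying an AES key schedule.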