**Matthew Garrett** @mjg59@nondeterministic.computer · Dec 10, 2022, 09:56

**Matthew Garrett** @mjg59@nondeterministic.computer · Dec 10, 2022, 09:56

Matthew Garrett @mjg59@nondeterministic.computer

Dec 10, 2022, 09:56

Matthew Garrett @mjg59@nondeterministic.computer

I pretty much understand the reason why Windows Hello largely relies on virtualisation to draw a strong boundary between the OS and whatever's processing the biometrics, but I'd really feel much happier with a protected hardware communication channel

**Matthew Garrett** @mjg59@nondeterministic.computer · Dec 10, 2022, 09:56

**Matthew Garrett** @mjg59@nondeterministic.computer · Dec 10, 2022, 09:56

Dec 10, 2022, 09:56

Matthew Garrett @mjg59@nondeterministic.computer

But in the absence of that channel, I think everyone else is still playing catchup to Microsoft here - we'd gain a lot of value from a slim hypervisor that allowed for certain security functionality to be segregated from the main OS

**robryk** @robryk@qoto.org · Dec 10, 2022, 11:55

**robryk** @robryk@qoto.org · Dec 10, 2022, 11:55

Dec 10, 2022, 11:55

robryk @robryk@qoto.org

@mjg59 So the idea would be to not expose some data/ability to command something ever to the OS, right?

Other than the biometrics case, what data/authority would you envision being "taken away" from the OS?

**Matthew Garrett** @mjg59@nondeterministic.computer · Dec 10, 2022, 12:14

**Matthew Garrett** @mjg59@nondeterministic.computer · Dec 10, 2022, 12:14

Dec 10, 2022, 12:14

Matthew Garrett @mjg59@nondeterministic.computer

@robryk If the "token" asserts that it requires physical presence, it should never be possible for the OS to trigger that without the user being physically present. Beyond that, I think the primary concern is ensuring that keys can't be transferred between devices.