BATTLE OF SKM AND IUM
1MHMIxh
1MHMIxh
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
NOTABLY MISSING…<br />
• Trustlets cannot do any registry I/O<br />
• NtOpenKey(Ex) are both implemented, and return STATUS_OBJECT_NAME_NOT_FOUND<br />
• Trustlets cannot do any file I/O<br />
• Including device I/O (there are no devices to talk to anyway)<br />
• This obviously means no network, sound, video I/O either<br />
• The Trustlet model therefore implies the existence of a Normal Mode “Agent” to perform these actions,<br />
if needed<br />
• Since RPC is permitted, this follows a similar model to the Broker/Renderer model of AppContainer/Chrome<br />
• Also, the lack of certain basic things like mutexes means some standard user-mode libraries won’t work<br />
correctly or fail<br />
• The goal was to support vTPM and Credential Guard, so don’t expect to run arbitrary Trustlets