procaryote 5 days ago

Even if you were to trust secure boot and that there are no cpu bugs around the isolation, you're still running on someone else's hardware.

The CPU and Secure Boot have no reliable way to tell if the hardware was modded to allow bus snooping or a fake crash that still keeps the memory on a refresh loop.

Don't put things in the cloud if your threat model doesn't allow you to trust the cloud provider, or whoever has the power to compel your cloud provider to do things.

trebligdivad 4 days ago | parent | next [-]

In AMD's SEV and Intel TDX, the memory is encrypted by the CPU before it hits the memory, so bus snooping outside of the CPU itself isn't useful. (And as that article says there's similar stuff for PCI). As I remember, there's some standards body that doesn't technically require the encryption as part of Confidential compute - but that's just silly standards.

michaelt 4 days ago | parent [-]

IMHO it still all hinges on users saying “I don’t trust this big American multinational, AWS, (who despite their policies and contracts could be subject to all manner of corrupt insiders and secret political pressures) - but I do trust this big American multinational, Intel, for some reason”

To me, those trust boundaries are in the same place.

trebligdivad 4 days ago | parent [-]

It's not necessarily 'AWS' - for example, maybe you trust AWS but realise they have lots of rack monkeys so you can't trust that everyone in their datacentres is trustworthy. Especially say if you have to run in other regions. Or how about in your own data centres in a big company; do you trust everyone who works in all your datacentres with your most sensitive data?

01HNNWZ0MV43FF 4 days ago | parent [-]

I trust them more than cops and governments. A "rack monkey" has to be bribed or turned. The government is pre-loaded with creeps who hate me.

wat10000 5 days ago | parent | prev [-]

Could this be solved with some sort of TPM-like secure attestation that can prove you’re running on the CPU you think you are, plus encrypted memory to defeat external memory reads?

procaryote 5 days ago | parent | next [-]

For it to work, the whole CPU would pretty much need to be a secure enclave. It puts very different requirements on the hardware than affordable high performance computing does.

Even then, many secure enclaves have been compromised by people with enough time and motivation.

throawayonthe 5 days ago | parent | prev [-]

that's exactly what confidential VMs are
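The attestation flow wat10000 asks about, reduced to its verification logic, as an added example that is not from any commenter or vendor: a hypothetical platform signs a report binding the launch measurement to the verifier's nonce, and the relying party checks it against a pinned vendor public key. The Ed25519 key pair stands in for the CPU-held attestation key and its vendor certificate, and the report layout is constructed rather than the real SEV-SNP or TDX format; the verifier's only trust anchor is that vendor key, which is the trust boundary michaelt points at.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is a constructed toy report, not the real SEV-SNP/TDX layout.
type Report struct {
	Measurement [32]byte // hash of the VM image the platform actually launched
	Nonce       [16]byte // freshness value the verifier chose for this request
	DebugMode   bool     // platform flag: debug/introspection enabled
	Signature   []byte   // made with the platform's vendor-certified attestation key
}

// signedBytes is the byte string the signature covers (every field but Signature).
func (r Report) signedBytes() []byte {
	return append(append(append([]byte{}, r.Measurement[:]...), r.Nonce[:]...), map[bool]byte{true: 1}[r.DebugMode])
}

// Attest models the platform side: measure the image, bind the verifier's nonce, sign.
func Attest(attKey ed25519.PrivateKey, image []byte, nonce [16]byte, debug bool) Report {
	r := Report{Measurement: sha256.Sum256(image), Nonce: nonce, DebugMode: debug}
	r.Signature = ed25519.Sign(attKey, r.signedBytes())
	return r
}

// Verify models the relying party; vendorPub is its only trust anchor, so every conclusion rests on trusting that vendor.
func Verify(vendorPub ed25519.PublicKey, r Report, expected [32]byte, nonce [16]byte) error {
	switch {
	case !ed25519.Verify(vendorPub, r.signedBytes(), r.Signature):
		return errors.New("signature does not verify under the vendor key")
	case r.Nonce != nonce:
		return errors.New("nonce mismatch: stale or replayed report")
	case r.Measurement != expected:
		return errors.New("launch measurement differs from the expected image")
	case r.DebugMode:
		return errors.New("policy: debug mode must be off")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stand-in for the vendor-certified key pair
	image, nonce := []byte("constructed VM image"), [16]byte{0xa5, 0x5a} // constructed inputs
	fmt.Println(Verify(pub, Attest(priv, image, nonce, false), sha256.Sum256(image), nonce))
}
```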