In AMD's SEV and Intel TDX, the memory is encrypted by the CPU before it hits the memory, so bus snooping outside of the CPU itself isn't useful. (And as that article says there's similar stuff for PCI). As I remember, there's some standards body that doesn't technically require the encryption as part of Confidential compute - but that's just silly standards.

▲

michaelt 4 days ago | parent [-]

IMHO It still all hinges on users saying “I don’t trust this big American multinational, AWS, (who despite their policies and contracts could be subject to all manner of corrupt insiders and secret political pressures) - but I do trust this big American multinational, Intel, for some reason”

To me, those trust boundaries are in the same place.

▲

trebligdivad 4 days ago | parent [-]

It's not necessarily 'AWS' - for example, maybe you trust AWS but realise they have lots of rack monkeys so you can't trust that everyone in their datacentres is trustworthy. Especially say if you have to run in other regions. Or how about in your own data centres in a big company; do you trust everyone who works in all your datacentres with your most sensitive data?

	▲	01HNNWZ0MV43FF 4 days ago \| parent [-]
		I trust them more than cops and governments. A "rack monkey" has to be bribed or turned. The government is pre-loaded with creeps who hate me.