In theory you only need to trust the hardware to be correct, since it doesn't have the decryption key the worst it can do is give you a wrong answer. In theory.

▲

esseph 5 hours ago | parent [-]

But can you trust the hardware encryption to not be backdoored, by design?

That's my point, this sounds like a way to create a backdoor for at-rest data.

	▲	jayd16 2 hours ago \| parent \| next [-]
		By design, you don't trust it. You never hand out the keys so there's no secret to back door. The task is never unencrypted, at rest or otherwise.
	▲	cassonmars 5 hours ago \| parent \| prev \| next [-]
		You can if the manufacturer has a track record that refutes the notion, and especially if they have verifiable hardware matching publicly disclosed circuit designs. But this is Intel, with their track record, I wouldn't trust it even if the schematics were public. Intel ME not being disable-able by consumers, while being entirely omitted for certain classes of government buyers tells me everything I need to know.
	▲	bilekas 4 hours ago \| parent \| prev \| next [-]
		> That's my point, this sounds like a way to create a backdoor for at-rest data. I get the feeling honestly it seems more expensive and more effort to backdoor it..
	▲	anon291 an hour ago \| parent \| prev [-]
		Well yeah... You do the initial encryption yourself by whatever means you trust