theandrewbailey 10 hours ago

> TSME isn't a critical security feature for most consumer desktops, as it protects against attacks where the attacker needs physical access to the device.

If you think it's hard to gain physical access to a consumer desktop, you're out of touch. Most desktops aren't locked inside a datacenter. Memory encryption is a valuable desktop (and laptop) security feature.

WillPostForFood 9 hours ago

So my PC runs 5% slower because someone could break into my house to get physical access to decrypt memory? OK sure, but not my top concern, and a bad tradeoff for the lost performance. And not only fair, but completely accurate to describe TSME as non-critical for *most* consumer desktops. I'd go as far as to say useless and counter-productive for most, but not all, consumer desktops.

futuraperdita 9 hours ago

So you turn it off by default in BIOS and allow those that feel it's useful to them to enable it, and you solve for both sides of the problem.

avadodin 43 minutes ago

If it's not your top concern, you're probably a government employee with full security clearance and the "consumer desktop" doubles as a pirated game rig, top secret NAS and Twitter battle box.

eYrKEC2 7 hours ago

Does it run slower? I'd expect dedicated hardware to do that encryption/decryption, in which case there should be no difference.

cwillu 8 hours ago

If the bad guys have physical access to my consumer desktop, I'm already well and truly fucked.

cma 44 minutes ago

> as it protects against attacks where the attacker needs physical access to the device.

Doesn't it also protect against rowhammer-like attacks?

rr808 9 hours ago

The last few companies have all had desktops in datacenters with the local PC just a virtual terminal.

CivBase 10 hours ago

You'd need physical access while it is running as the target is using it.

hnuser123456 9 hours ago

When the threat model is physical security, henchmen are also a consideration.

transcriptase an hour ago

Yeah if you’re worried about someone getting physical access to your PC for information you should probably be more worried about someone beating that information out of you first.