Conversation

Jarkko Sakkinen

Edited 1 year ago
Commercial Linux distribution vendors could bring a lot of confidential computing benefits by providing a rate-limited attestation service (i.e. accountless, like the AMD SEV-SNP CA works), i.e. the CA would provide cryptographic proof of the core software stack.

With TPM2-backed hard drive encryption and HMAC-encrypted chip communication you get a piece of the confidential computing promise, i.e. the software adversary part, and you can maintain that promise with pure software bug fixes, which obviously adds to the value.

The main threat scenario of confidential computing is an adversary with physical access to the hardware, but it is also a debatable scenario, and as we all know, there is a lot of data to back up the "debatable" part.

TCG, being a consortium and not a private company, states in its specifications that TPM provides resistance against physical attacks. I think this is how Intel, AMD, ARM and other commercial CPU vendors should also describe their corresponding white papers, and make any improvements on top of that clear and obvious to the customer.

PS. "confidential computing" is bad terminology, but unfortunately it is also the de facto terminology of the industry by now. It is actually "trusted computing" because the goal is to try to address both confidentiality and integrity problems.

#linux #kernel #tpm #intel #amd #arm #sev #snp #sgx
Depending on the product of course, this kind of architecture can be more secure than any of the confidential computing technologies because it does not require syscall shims. The kernel can fully lock in syscalls however it chooses.

The big issue in "CoC" is these extra layers of software between the trusted and untrusted worlds and the complicated kernel stack that goes with them. I never fully got why a limited set of entry points is such a big deal. You can still take advantage of bugs at those entry points and apply attacks like ROP. It's not that different from accessing e.g. a network service with a limited set of requests. AFAIK, they also do sometimes get remotely exploited.
Why I said commercial Linux vendors relates to the fact that for a commercial entity it is most trivial to call yourself a CA... So it is also measurable value for customers to pick RHEL or SUSE Enterprise Server, and thus a competitive advantage.

Jarkko Sakkinen

Edited 1 year ago
SGX/TDX and SEV-SNP are far from useless as hardware products, but both fail to deliver on the de facto measure of how things are cleared up in the security world: transparency. In both, transparency is not blocked by the technologies being closed. It is blocked by not having cheap off-the-shelf hardware to try out the CPU features. One can objectively claim that these are the weaker parts of the arch code, not because of unskilled developers but because of the very small audience who tests these features in the wild.