Announcement

Collapse
No announcement yet.

Linux 5.6 Crypto Code Brings The New AMD TEE Driver

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Linux 5.6 Crypto Code Brings The New AMD TEE Driver

    Phoronix: Linux 5.6 Crypto Code Brings The New AMD TEE Driver

    Herbert Xu sent in all of the crypto subsystem changes on Tuesday for the in-development Linux 5.6 kernel. Interesting us the most out of this crypto work is the AMD Trusted Execution Environment (TEE) driver...

    http://www.phoronix.com/scan.php?pag...o-With-AMD-TEE

  • #2
    To hackers: Please exploit this and name it GOLF so we can TEE OFF to watch pirated copies of Caddyshack.

    Comment


    • #3
      They do not trust me, the end user. I cannot trust it - or them. The program(s) inside the PSP (or ME for that matter) is not trustworthy because it cannot be audited (or changed if faulty).
      So why is everyone talking about "trust" when there is no such trust in this whole matter?

      And I don't like some blob program in an obscure black box running kind of on ring minus something to mess around in my memory and possibly read keys and clear text and whatnot.
      Stop TCPA, stupid software patents and corrupt politicians!

      Comment


      • #4
        Originally posted by Adarion View Post
        So why is everyone talking about "trust" when there is no such trust in this whole matter?
        Trust does not just mean you have to trust that stuff, there are other parties to the game, too. Like your OS and its vendors, content providers,... Even if you as a user don't put any trust into it, there are still enough backers on the table.

        Comment


        • #5
          If one thing is for sure, then that is any closed source "trust"-something implementations by companies are not to be trusted, at all.

          Comment


          • #6
            Originally posted by Adarion View Post
            They do not trust me, the end user. I cannot trust it - or them. The program(s) inside the PSP (or ME for that matter) is not trustworthy because it cannot be audited (or changed if faulty).
            So why is everyone talking about "trust" when there is no such trust in this whole matter?

            And I don't like some blob program in an obscure black box running kind of on ring minus something to mess around in my memory and possibly read keys and clear text and whatnot.
            Well said. The solution is simple -- don't buy x86! There are other architectures on the market with similar performance that don't abuse your trust in this manner.

            Whenever an x86 vendor says "trusted", what they mean is that the computer is trusted to not be under your control. If you're paying for this privilege, don't. Recognize that it's somehow combining the worst of the lease and ownership worlds, that while you don't have control (thus the resources are effectively leased to you) you are still responsible to pay to replace any hardware that breaks. Win-win for the vendor, lose-lose for you, the consumer.

            Did I mention OpenPOWER systems have an open source TEE that you load your own keys into as the root of trust, so you actually can trust it (and lock out Hollywood etc.)? These x86 implementations, in contrast, have by design the vendor's keys as root of trust, permanently designed / fused into the CPU at manufacture. Any illusion of control of loading your own keys is only by delegation, basically the vendor has allowed you to (in some cases) further restrict their own restrictions they've imposed. Very different model than the OpenPOWER boxes.
            Last edited by madscientist159; 01-28-2020, 06:32 PM.

            Comment

            Working...
            X