Announcement

Collapse
No announcement yet.

Intel Details TDX To Better Protect Virtual Machines

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Intel Details TDX To Better Protect Virtual Machines

    Phoronix: Intel Details TDX To Better Protect Virtual Machines

    Intel has published a whitepaper on their new TDX "Trust Domain Extensions" technology for better securing virtual machines...

    http://www.phoronix.com/scan.php?pag...tter-VM-Secure

  • #2
    This approach again.

    Comment


    • #3
      One year later they find a vulnerability on TDX and the idea is destroyed.

      Comment


      • #4
        I don't know, but it feels weird to see Intel (and AMD) come out with new instructions to protect various things. It doesn't give much confidence. I feel like what are all these additional instructions good for when it seems the underlying architecture and technology is riddled with holes. I don't know, but I feel many of these things just seems like workarounds or polishing a turd.

        Comment


        • #5
          Originally posted by uid313 View Post
          I don't know, but it feels weird to see Intel (and AMD) come out with new instructions to protect various things. It doesn't give much confidence. I feel like what are all these additional instructions good for when it seems the underlying architecture and technology is riddled with holes. I don't know, but I feel many of these things just seems like workarounds or polishing a turd.
          Yeah, just stop creating new patches, just fix the damn thing, because Intel like any other capitalist entity passes its expenses on to its customers.

          Comment


          • #6
            Speaking of protection, there seems to be a GRU rootkit hitting Linux in the wild.

            https://media.defense.gov/2020/Aug/1...E_AUG_2020.PDF

            Comment


            • #7
              I guess it will end up like SGX, which was supposed to be secure but draws by itself more Spectre-related issues than anything else.

              Comment


              • #8
                The million dollar question is who gets to write and sign and approve "Intel authenticated code modules"

                Even if it uses SGX and even if SGX actually works successfully, the threat model for SGX doesn't include conventional side channels like timing attacks, so if it's based on SGX and the SGX concept then it's like SGX - only truly useful for small bits of hand written assembly language.

                Comment


                • #9
                  There are many hits for Patents when searching for "Intel TDX", this seems like one of the most recent: Secure Encryption Key Management in Trust Domains - 20200202013.

                  Comment


                  • #10
                    It's funny how they put the stuff I trust the least in the blue box. The other stuff I can control.

                    Comment

                    Working...
                    X