Originally posted by dp_alvarez
View Post
But, the thing about "root of trust" is that you must be able to verify from source code to deployment to execution. AND you have to be able to verify that the root is actually authentic - it hasn't been usurped. Unless there is a method of verifying all the way from source code to actual execution then it doesn't matter if the whole thing is open source because you can't verify that source revision is actually what's running on the hardware. The devil, as usual, will be in the details and generally speaking none of these companies have been particularly good at transparency. In fact, outside of AMD possibly, they're all particularly bad at it, especially Microsoft and Nvidia. And then there's Google who never met a project they didn't want to kill.
We'll have to wait and see.
Comment