AMD, Google, Microsoft & NVIDIA Announce "Caliptra" Open-Source Root of Trust


  • #31
    Originally posted by sdack

    You go ahead and tell yourself whatever you want. Building a nuclear bomb and painting the red cross onto it does not change what it will do. You only took the bait, mate.
    You're entitled to your opinion, of course. Colleagues of mine felt the same way about protected memory, dynamic link libraries, network storage, and the doom of civilisation when all trust in information was lost due to everyone becoming a publisher with the advent of the Internet. And indeed, there are negatives to all the above.

    I read recently that a girl was led from WhatsApp to Discord, encouraged to post nudes, then extorted into prostitution. Some people inhaled air to enable that sequence of events. Taking away inhaling globally would certainly solve the problem... but I think I'd like to leave inhaling available to those who will use it responsibly. ;-)



    • #32
      linuxgeex your arguments are really intriguing. Though you must understand that some people really cannot see the bigger picture and/or the implication of this open source project. Most people see the backing and think "yeah, because I can trust these ones for anything else right?" and they are right in their skeptical attitude.

      People usually see that open source means that everyone can see, thus manipulate; yeah, there are always bad actors among humans, but the opposite is also the case (since there are literally paid people working on it). This problem that bad actors will manipulate code is as natural as a human needing air to breathe, but it's the most ironic argument the big companies have been using not so far back in the past to prevent open source from coming to light in the first place (basically, not to change anything, cannot trust the public for anything...).

      But then comes the natural concept, to bring change you have to change, and open source as a basis (than before on this level for such a project) is a change. Those that have read the history of system development (or development in IoT in general) understand the gratification of this. Those that just consume article headlines like it's some daily routine will regurgitate what other people have said before (a/the change of things).



      • #33
        Originally posted by agd5f
        "Caliptra is fully open-source down to the RTL being made public along with the firmware."
        Yes, but if you buy an AMD CPU you have no chance to check if they really implemented it like they say it is. So it's still a black box.



        • #34
          Originally posted by Anux
          Yes, but if you buy an AMD CPU you have no chance to check if they really implemented it like they say it is. So it's still a black box.
          But even if they did they allow them to use all this open source to forbid installing software the user wants in hardware the user owns.

          They just install proper free software and a public key in the hardware they sell you and keep the private key secret (if they can, they become a more attractive target than you, and defectors, spies, attackers or bribers get more bang for their steal, while the vendor's current or future government or dictator can possibly obtain their private key anyway).

          The fact that the owner of the private key (hardware vendor) is using free software does not mean that the system will let you install the free software you want. You could (if you believe them that they're really using the published sources, as Anux et al. said) at most study, share and modify their free software, but you could not install it with your (or the community) modifications or run it in the device you use. Tivoization with free software is still evil.

          Or they can allow it but then allow your bank to refuse you connecting with their web server because the software you trust is not the software they trust.
          And the organization hosting the media you watch or listen to, and the government, and your health provider, and ...

          The fundamental problem under tivoization is that they want to sell trust and security to people who don't want to understand trust or security, so they end up not trusting their customer (because if the customer had the power to do their will, scammers can trick the customer to do what the vendor or the customer don't want). Any scheme in which computers control people instead of people control computers ends up in abuse, because since the computers have no free will, it's always someone else who controls the computer that controls the user.



          • #35
            Originally posted by Anux
            Yes, but if you buy an AMD CPU you have no chance to check if they really implemented it like they say it is. So it's still a black box.
            That applies to any silicon unless you fab it yourself.



            • #36
              Originally posted by agd5f

              That applies to any silicon unless you fab it yourself.
              Of course.



              • #37
                Glad to see all this healthy scepticism. Seems like we have not quite lost yet.



                • #38
                  Originally posted by Sethox
                  linuxgeex Most people see the backing and think "yeah, because I can trust these ones for anything else right?" and they are right in their skeptical attitude.
                  Thanks, and you're preaching to the choir. I'm one of the most sceptical people you'll ever meet. I believe everyone should trust their own judgement, and they can't exercise judgement without looking at all sides. So I'll provide contrasting views even if those views are not my own. It drives my partner nuts because when others praise her, she knows that leads me to consider her flaws. OTOH when others are criticising her, she knows I'm considering her virtues. When she brings me a brilliant plan, I offer ways it can fall apart. When she frets how things may fall apart, I offer ways to keep it together.

                  There's an old Jewish proverb: if 9 out of 10 people believe something, it is probably right. If 10 out of 10 believe it, it's questionable. Why? Because if everyone believes it, nobody questions it, and if nobody questions things, apocrypha will abound.

                  Some apocrypha is seriously harmful. For example, the idea that GMOs are harmful. Monsanto made mistakes at the dawn of genetic manipulation, and their lack of ethics together with poor choices by commercial farmers led to huge amounts of bad press for Monsanto and GMOs. The press, fearful stakeholders, and Luddites, have fuelled a lot of FUD around GMOs. For the most part their arguments ignore the fact that we've been making GMOs via selective breeding for millennia, and that's nearly everything we eat today. To ignore the past is to repeat the past. Generations after Monsanto's mistakes Humanity has made a lot of progress. We learn from our mistakes, and we do better. There's people doing the real, hard, research work to become knowledgeable on the subject. They're the ones who have earned our attention. Fear not - listen to the shills on both sides, weigh the benefits and risks, and use your own judgement.

                  Personally, I think the whole GMO issue is oversold and the real problem nearly nobody is talking about is monoculture. Ironically Ireland, famous for the Potato Famine, has sweeping fear-driven anti-GMO legislation, but no anti-monoculture legislation. Yet it was monoculture that caused the potato famine. Monoculture is the reason for heavy global pesticide use. Heavy global pesticide use is the cause of the health problems that most of the well-educated people campaigning against GMOs are trying to avoid and where do you think the funding for the misdirect is coming from? Who benefits? Monsanto - the people selling the monoculture and pesticides.
                  Last edited by linuxgeex; 20 October 2022, 06:15 AM.



                  • #39
                    Every time you read these announcements it always ends up that installing any *nix OS becomes harder and problematic.



                    • #40
                      Originally posted by Ironmask
                      It's about time Analog TRNG was added as standard. How did we go this many decades without that being on every desktop?
                      Hardware RNGs were dropped in favour of software RNGs. The Pentium III already had a hardware random number generator based on oscillators. Software RNGs can produce more results than there are atoms in the universe. It is now about finding enough entropy for seeding a software RNG, or, to combine hardware and software RNG for creating the best result.
