Intel TDX For Confidential VMs Causing Concern Among Fedora & Open-Source Advocates

  • #11
    Originally posted by sophisticles
    This is what the open source community worries about?

    There are two major wars going on with no end in sight, the global economy is a mess, unemployment is sky high, crime is rampant, we are going to hell in a hand basket and the open source community is wringing their hands over some trivial minutiae based sophomoric bull session.

    I think it's time for the open source community to grow up if they care at all about the rest of the computing public taking GPL'd software seriously.
    Well, you seem to worry about what other people are worrying about, and do so while reading comments on a tech news site. A pot calling the kettle black much?


  • #12
    Intel is falling lower every year.
    Don't support this nonsense.


  • #13
    Originally posted by sophisticles
    This is what the open source community worries about?
    You, just one day ago:

    I used to use Tumbleweed but I have found that it breaks after updates way too often for my tastes.
    Seems like you worry about even more inconsequential things. I don't get why you're complaining about Fedora trying to figure out a way forward when it comes to packaging third-party signed software, which is becoming more and more important.


  • #14
    Originally posted by dEnigma
    Seems like you worry about even more inconsequential things. I don't get why you're complaining about Fedora trying to figure out a way forward when it comes to packaging third-party signed software, which is becoming more and more important.
    My comments about Tumbleweed are not a sign of me "worrying", it was a statement of why I do not use it.

    Did any of you bother reading the article? The "concerns" raised are nonsense.

    The code is open source but the signing certificate is not, which is kind of necessary if you want TDX to actually work.

    If the signing certificate were also open then it wouldn't provide too much security, now, would it?

    Some people seem to equate this with closed source firmware by Linux distributions, which, I hate to break it to everyone, is literally included in all x86 hardware, from AMD, Intel and NVIDIA.

    This is literally a nothing burger, some guy that wants to justify his job creating a faux controversy.

    If people are this bent out of shape about this then don't use Intel at all.

    Better yet, switch to a distro family that doesn't have their heads in their cans and move on with your life.

    Seriously, the Fedora ecosystem gets worse by the day; is it any wonder they default to the Gnome DE?


  • #15
    It seems a lot of you are misunderstanding exactly what's being signed. It's not the software in the virtual machine that needs to be signed by Intel, it's libraries that are essentially "motherboard firmware for the virtual machine".

    Intel TDX is about encrypting and page-table-protecting your VPS's RAM so a malicious employee at your hosting provider with admin access on the host OS can't read credentials out of it during those periods when they have to be in the clear in RAM.

    This part is about extending secure boot attestation up the stack so you can enroll your own secure boot keys into a cloud VM and trust that nobody has man-in-the-middle'd the chain of trust between you and the motherboard.

    If anything, you could think of Intel TDX as extending the whole "your OS can't read/write RAM claimed by the BluRay decryptor running on the Intel Management Engine" thing so you don't have to sign a deal with Intel to get access to that "I don't want the OS to see what's going on inside here" functionality.
    Last edited by ssokolow; 15 May 2024, 08:04 PM.


  • #16
    I agree that this is not like proprietary firmware, because the software is free.

    It's about treacherous computing and tivoization, which is also a valid reason to reject it.
    TDX may seem necessary for cloud computing, but one should think whether cloud computing is so necessary.
    If you can't trust your cloud provider to protect your computing, maybe you should not have a cloud provider.
    Trying to fix it by trusting the provider of your provider is only adding a layer of complexity. It's security by obscurity, so it will just lead to bigger problems later on.
    The obscurity is not in the code itself, it's in the signer entity, in the trust.
    If you trust the hardware to interpret the code right, you can inspect the signed free software, but the hardware may reject that verified software you inspected at any future time, and leave you with the only option of shutting down, or installing new versions that you can't inspect, or don't like, or might even not be free anymore, if they even allow you that.

    On the other hand, there are similar concerns already on the boot chain, so if you don't blindly trust the vendor of that hardware and the people who may, at any future time, manage, police, coerce, attack or buy that vendor, the coherent option would be not to use that hardware, more than using a different distribution or changing a policy of a distribution.


  • #17
    Originally posted by edxposed
    TDX's target user base isn't going to consider using bureaucratic crap like Fedora, they're just asking for trouble.
    How bloody true.

    TDX doesn't even exist in consumer-grade processors used in desktop and notebook PCs. And Fedora is seldom used outside of desktops and notebooks. What a bunch of morons.