This seems likely to be extremely weak. The TPM is somewhat useful for verifying that hardware that you own or fairly tightly specify is running what you think it is unless there is a moderately sophisticated physical attacker around. But for servers in the cloud? How are you even supposed to know what firmware, etc you’re verifying?
Actual confidential computing systems (TDX, fancy variants of SEV, etc) are meant to address this type of use case. The TPM isn’t.
9 comments
[ 11.0 ms ] story [ 1128 ms ] threadwhat will pricing look like (tried CMF-F)?
https://github.com/mithril-security/blind_llama/blob/main/do...
Thanks for your question and sorry for the delay in getting back to you!
The pricing information is available here: https://www.mithrilsecurity.io/pricing
Awesome to see people doing it and wish you the best of luck.
Actual confidential computing systems (TDX, fancy variants of SEV, etc) are meant to address this type of use case. The TPM isn’t.