Timely considering the current (yet another) chip act. Presumably government mandated surveillance silicon would also require confidential compute capability.
Confidential computing is the straw for many people to overcome GDPR headaches in Europe. I know particularly medical researchers that hope that they get access to scalable infrastructure this way, because they can tick it as the only additional TOM on the processor side. As mentioned in the comments of OP though it is more a promise than a reality at the moment with very little actual benefit in term of reducing relevant attack vectors.
Maybe this will check a box in some OpenStack cluster but it wont work for me personally. Anything sensitive I use physical servers. Once I am on a VM of a physical server that is not mine then my data is their data. It is just turtles all the way down and there will always be a way to obtain data. Whats more this is required for lawful intercept and authorities expect providers today to be able to live copy/clone a VM. There will always be a back door and when authorities can access the back door, so can the providers and malicious actors. Even more unpopular is that to me encryption is just mathematical obfuscation a.k.a. magic math and the devil is in the implementation details remember WEP and DVD encryption? Just like cell phones there will always be some simple "debugging" toggle function that can bypass it.
Years ago, I saw a demo for a confidential gaming VM with the idea that games could ship with a whole VM instead of an anti cheat engine. Most of the tech was around doing it performantly. I wonder why it was never productized.
I find the article a difficult read for someone not versed in “confidential computing”. It felt written for insiders and/or people smarter than me.
However, I feel that “confidential computing” is some kind of story to justify something that’s not possible: keep data ‘secure’ while running code on hardware maintained by others.
Any kind of encryption means that there is a secret somewhere and if you have control over the stack below the VM (hypervisor/hardware) you’ll be able to read that secret and defeat the encryption.
Maybe I’m missing something, though I believe that if the data is critical enough, it’s required to have 100% control over the hardware.
Now go buy an Oxide rack (no I didn’t invest in them)
Apple has done a good job on the implementation and documentation for their confidential computing (https://security.apple.com/documentation/private-cloud-compu...) but of course it’s Apple only. There’s a few folks working on a non-Apple version of this, eg https://confident.security/ and others (disclaimer that I helped work on a very early version of this.
Read the Apple docs - they are very well written and accessible for the average HN reader.
I'd recommend anyone interested in Confidential Computing to read the work from Rodrigo Branco (@BSDaemon) to understand why it's mostly a failure and a PR stunt from cloud providers to give the illusion that the customer stays in control, while at the same time the hardware capabilities CC is built upon are unsecure (and can't be fixed by firmware or microcode update, most of the time).
Even if you were to trust secure boot and that there are no cpu bugs around the isolation, you're still running on someone else's hardware.
The CPU and Secure boot has no reliable way to tell if the hardware was modded to allow bus snooping or a fake crash that still keeps the memory on a refresh loop.
Don't put things in the cloud if your threat model doesn't allow you to trust the cloud provider, or whoever has the power to compell your cloud provider to do things.
10 comments
[ 2.6 ms ] story [ 29.0 ms ] threadhttps://www.atlanticcouncil.org/blogs/geotech-cues/how-the-c...
However, I feel that “confidential computing” is some kind of story to justify something that’s not possible: keep data ‘secure’ while running code on hardware maintained by others.
Any kind of encryption means that there is a secret somewhere and if you have control over the stack below the VM (hypervisor/hardware) you’ll be able to read that secret and defeat the encryption.
Maybe I’m missing something, though I believe that if the data is critical enough, it’s required to have 100% control over the hardware.
Now go buy an Oxide rack (no I didn’t invest in them)
Read the Apple docs - they are very well written and accessible for the average HN reader.
For example, a direct link to his keynote slides from ESA 3S conference last year (PDF): https://indico.esa.int/event/528/attachments/5988/10212/Keyn...
The CPU and Secure boot has no reliable way to tell if the hardware was modded to allow bus snooping or a fake crash that still keeps the memory on a refresh loop.
Don't put things in the cloud if your threat model doesn't allow you to trust the cloud provider, or whoever has the power to compell your cloud provider to do things.