Images are a false simplification
Images are a false simplification
Posted Nov 6, 2025 1:32 UTC (Thu) by Nahor (subscriber, #51583)In reply to: Images are a false simplification by bluca
Parent article: A security model for systemd
Not really. It's more like it is an unsolvable problem (or at least impractical to do so) so we choose to stop there.
> you trust the vendor who sold you your CPU
Plenty of people will argue you can't ("blabla manufacturing blabla China blabla" and "blabla NSA blabla backdoor blabla")
Posted Nov 6, 2025 2:46 UTC (Thu)
by intelfx (subscriber, #130118)
[Link] (1 responses)
That's the point of the GP, which I believe you have missed.
If you don't trust your CPU vendor enough to believe that their root of trust implementation is not subverted by your malicious actor of choice, then why would you trust *anything* that comes out of that CPU against the same malicious actor? The only logical choice of action would be to throw the CPU away immediately.
And if you haven't done that, then it necessarily follows that you *do* trust the CPU vendor, so it's fine if they implement a root of trust too.
Posted Nov 6, 2025 10:29 UTC (Thu)
by excors (subscriber, #95769)
[Link]
Ideally the people you trust under the second definition are also trusted under the first definition, but in practice you can rarely have that level of belief in anyone, so you're knowingly opening yourself up to some risk of harm.
You can't prevent your CPU vendor harming you, so you do trust them under the second definition. The best you can do is minimise risk by ensuring they're the only people who can harm you.
Images are a false simplification
Images are a false simplification