The effect of Meltdown and Spectre in our communities
The effect of Meltdown and Spectre in our communities
Posted Feb 2, 2018 14:09 UTC (Fri) by mjthayer (guest, #39183)In reply to: The effect of Meltdown and Spectre in our communities by fuhchee
Parent article: The effect of Meltdown and Spectre in our communities
> Sure. But part the cloud infrastructure is a "secret" being run on the same piece of hardware as the isolated customer's code.
Even if we assume that the infrastructure in the individual machines is proprietary code, rather than "public" open source, or that that infrastructure has access to secrets about the bigger cloud set-up rather than just waiting for instructions from other machines (I do not know much about cloud infrastructure I must admit), I would expect the main protection for provider and customer from each other would be the trust based on their business relationship, backed up by laws, rather than technical capabilities of the CPUs.
Posted Feb 2, 2018 14:28 UTC (Fri)
by fuhchee (guest, #40059)
[Link]
I'm talking about the simple bits & bytes level. A machine that participates in cloud infrastructure must necessarily have some secrets, for example those associated with authenticating itself to that infrastructure. Whether that's in the kernel, hypervisor, an administrative peer userspace VM, or some crypto coprocessor, doesn't matter. If that same piece of hardware also runs tenant code, "insanity" ensues.
The effect of Meltdown and Spectre in our communities