The Linux SVSM project
The Linux SVSM project
Posted Feb 7, 2023 14:28 UTC (Tue) by JanC_ (guest, #34940)In reply to: The Linux SVSM project by farnz
Parent article: The Linux SVSM project
Posted Feb 7, 2023 14:33 UTC (Tue)
by farnz (subscriber, #17727)
[Link] (1 responses)
Right, but the processor he verifies could itself have a security processor that's hidden, and that runs the verified code in a hypervisor allowing the CPU manufacturer to backdoor it. There is simply no affordable route, short of trusting the CPU manufacturer, to verify that the hardware they have described to you is the hardware that's running in your system. The best you can do is to destroy a random sample of CPUs, reverse-engineering them with an electron microscope, to confirm that there's nothing hidden - and this is both expensive, and also depends on the CPU manufacturer including backdoored CPUs in the set you destroy.
And even then, you have to trust that the electron microscope is not backdoored, and that the reverse engineers are honest…
Posted Mar 11, 2023 1:57 UTC (Sat)
by ghane (guest, #1805)
[Link]
... also that farnz hasn't backdoored the problem statement.
... and that corbet hasn't backdoored the comment which told us exactly what to do to check.
My head hurts. :-)
The Linux SVSM project
The Linux SVSM project