On Fri, Nov 06, 2020 at 11:43:59AM -0600, Dr. Greg wrote:
> The 900 pound primate in the room, that no one is acknowledging, is
> that this technology was designed to not allow the operating system to
> have any control over what it is doing. In the mindset of kernel
> developers, the operating system is the absolute authority on
> security, so we find ourselves in a situation where the kernel needs
> to try and work around this fact so any solutions will be imperfect at
> best.
>
> As I've noted before, this is actually a primary objective of enclave
> authors, since one of the desires for 'Confidential Computing' is to
> hide things like proprietary algorithms from the platform owners. I
> think the driver needs to acknowledge this fact and equip platform
> owners with the simplest and most effective security solutions that
> are available.

Or we need to not merge "technology" that subverts the owner of the
hardware. Remember: root kit authors are inventive buggers.