Hacker News

Intel audits the configuration on system launch and verifies it runs something they know is safe. That involves the CPU, CPU microcode, BIOS version and a few other things (SGX may not work if you don't have the right RAM, for example).

The final signature comes in the form of an X.509 certificate signed with ECDSA.

What's more important to me is that SGX still has a lot of security researchers attempting (and currently failing) to break it further.
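The attestation flow the comment above sketches (a signer vouching for CPU SVN, microcode and BIOS state, a relying party checking an ECDSA signature against a pinned X.509 root and then deciding whether that configuration is "known safe") can be made concrete in a few dozen lines. The example below is added here and is not code from the comment's author or from Intel; the `Report` layout, the `Policy` allowlist, the certificate subject and the sample values are constructed for illustration and are not the real SGX quote format. The point it shows beyond the prose: a signature that verifies is necessary but not sufficient, the verifier still has to reject a genuinely signed report of an out-of-policy (for instance rolled-back) TCB.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Report is a constructed stand-in for the platform state an attestation
// service vouches for (CPU SVN, microcode revision, BIOS measurement).
// It is NOT the real SGX quote layout; only the idea is the same.
type Report struct {
	CPUSVN       uint16
	MicrocodeRev uint32
	BIOSHash     [32]byte
}

// Bytes serialises the report deterministically so signer and verifier
// hash identical bytes.
func (r Report) Bytes() []byte {
	b := make([]byte, 6, 6+32)
	binary.BigEndian.PutUint16(b[0:2], r.CPUSVN)
	binary.BigEndian.PutUint32(b[2:6], r.MicrocodeRev)
	return append(b, r.BIOSHash[:]...)
}

// Policy is the relying party's own notion of "known safe" (constructed).
type Policy struct {
	MinCPUSVN       uint16
	MinMicrocodeRev uint32
	BIOSHashes      map[[32]byte]bool // allowlisted BIOS measurements
}

// NewSigningCert mints a self-signed X.509 certificate for the attestation
// signing key. A real verifier would pin the vendor root and expect a chain;
// here the root is the leaf so the demo is self-contained.
func NewSigningCert(key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Attestation Signer"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// SignReport returns an ECDSA P-256 signature (ASN.1 DER) over SHA-256(report).
func SignReport(key *ecdsa.PrivateKey, r Report) ([]byte, error) {
	d := sha256.Sum256(r.Bytes())
	return ecdsa.SignASN1(rand.Reader, key, d[:])
}

// VerifyReport is the relying party's check, in order: the signer chains to
// the pinned root, the signature covers this exact report, and the attested
// configuration meets policy. A valid signature over an unknown or stale
// configuration is still a rejection.
func VerifyReport(root, signer *x509.Certificate, r Report, sig []byte, p Policy) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	opts := x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := signer.Verify(opts); err != nil {
		return fmt.Errorf("signer does not chain to trusted root: %w", err)
	}
	pub, ok := signer.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("signer key is not ECDSA")
	}
	d := sha256.Sum256(r.Bytes())
	if !ecdsa.VerifyASN1(pub, d[:], sig) {
		return errors.New("signature does not cover this report")
	}
	if r.CPUSVN < p.MinCPUSVN {
		return fmt.Errorf("CPU SVN %d below minimum %d", r.CPUSVN, p.MinCPUSVN)
	}
	if r.MicrocodeRev < p.MinMicrocodeRev {
		return fmt.Errorf("microcode rev %#x below minimum %#x", r.MicrocodeRev, p.MinMicrocodeRev)
	}
	if !p.BIOSHashes[r.BIOSHash] {
		return errors.New("BIOS measurement not on allowlist")
	}
	return nil
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	cert, _ := NewSigningCert(key)
	// Constructed sample platform state and matching policy.
	r := Report{CPUSVN: 5, MicrocodeRev: 0xb4, BIOSHash: sha256.Sum256([]byte("bios-1.2"))}
	p := Policy{MinCPUSVN: 4, MinMicrocodeRev: 0xb0, BIOSHashes: map[[32]byte]bool{r.BIOSHash: true}}
	sig, _ := SignReport(key, r)
	fmt.Println("genuine report:", VerifyReport(cert, cert, r, sig, p))
	r.CPUSVN = 3 // attacker edits the report after signing: signature no longer matches
	fmt.Println("tampered report:", VerifyReport(cert, cert, r, sig, p))
}
```

The ordering in `VerifyReport` matters: the chain and signature checks establish who said it, the policy checks establish whether what they said is acceptable today. Pinning the root in `opts.Roots` rather than relying on the system trust store is what makes "signed by the vendor" mean something.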



Depends on your threat model. You cannot, under any circumstance, prove (mathematically) that a peer is the only controller of a private key.

Again, I would love to know if I'm wrong.

The fact that no publicly disclosed threat actor has been identified says nothing.


Proving a negative, that information has not been shared, has been a challenge from the beginning of information.

Are you suggesting a solution for this situation?


In this case it's rather like trusting that a government issued private key has not been stored by the government for further use.



