
Similar to TLS, the attestation includes a signature and an X.509 certificate with a chain of trust to Intel's CA. The whole attestation is certified by Intel to be valid and details such as the enclave fingerprint (MRENCLAVE) are generated by the CPU to be part of the attestation.

This whole process is already widely used in financial and automotive sectors to ensure servers are indeed running what they claim to be running, and it is well documented.
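An added example, not part of the original comment: a relying-party check that pulls MRENCLAVE out of an SGX ECDSA (version 3) quote and compares it to a pinned build measurement. It assumes the quote's signature and certificate chain to Intel's CA have already been validated by a quote verification library (not shown); the function names and the sample quote are constructed for illustration.

```python
import hmac
import struct

HEADER_LEN = 48         # quote header: version, key type, SVNs, vendor id, user data
REPORT_BODY_LEN = 384   # enclave report body, filled in by the CPU
ATTR_OFF, MRENCLAVE_OFF, MRSIGNER_OFF = 48, 64, 128  # offsets inside the report body
SGX_FLAGS_DEBUG = 0x2   # attribute bit set for debug enclaves


def parse_report_body(quote: bytes) -> dict:
    """Extract the identity fields from a version 3 quote."""
    if len(quote) < HEADER_LEN + REPORT_BODY_LEN:
        raise ValueError("quote too short")
    (version,) = struct.unpack_from("<H", quote, 0)
    if version != 3:
        raise ValueError(f"unsupported quote version {version}")
    body = quote[HEADER_LEN:HEADER_LEN + REPORT_BODY_LEN]
    (flags,) = struct.unpack_from("<Q", body, ATTR_OFF)
    return {
        "mrenclave": body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
        "mrsigner": body[MRSIGNER_OFF:MRSIGNER_OFF + 32],
        "debug": bool(flags & SGX_FLAGS_DEBUG),
    }


def measurement_ok(quote: bytes, expected_mrenclave: bytes) -> bool:
    """True only for a non-debug enclave whose MRENCLAVE matches the pin.

    Call this only after the signature and certificate chain have verified;
    an unverified quote is just attacker-supplied bytes.
    """
    try:
        report = parse_report_body(quote)
    except ValueError:
        return False
    if report["debug"]:  # debug enclaves can be inspected by the host
        return False
    return hmac.compare_digest(report["mrenclave"], expected_mrenclave)


def build_sample_quote(mrenclave: bytes, debug: bool = False) -> bytes:
    """Constructed test input: header plus report body, no signature data."""
    header = struct.pack("<HH", 3, 2) + bytes(HEADER_LEN - 4)
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<Q", body, ATTR_OFF, 0x1 | (SGX_FLAGS_DEBUG if debug else 0))
    body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mrenclave
    return header + bytes(body)
```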



Remember that this only works if the CPU can be trusted! The hardware still has to be secure.


That's very informative, thanks!



