>how Amazon and other hyperscalers can promise you virtual machines whose memory cannot be touched even in the case the host is compromised (and, by extension, also if the feds arrive to v& your server).

Even if we take those promises at face value, it practically doesn't mean much because every server still needs to handle reboots, which is when they can inject their evil code.

reply
MK-TME allows having memory encrypted at run time, and the platform TPM signs an attestation saying the memory was not altered.

Malicious code can't be injected at boot without breaking that TPM.

reply
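As an added illustration of the attestation step the comment above refers to (not code from the thread or from any vendor), the following Python simulates how a verifier checks a TPM-style quote over measured-boot PCR values: each boot component is hashed and folded into a PCR with the extend operation, the TPM signs the PCR value together with a verifier-chosen nonce, and the verifier rejects a quote whose nonce is stale, whose signature is wrong, or whose PCR does not match the golden measurement. The component names, the golden values and the shared attestation key are constructed for this example; a real TPM signs with an asymmetric attestation key and the verifier holds only the public half.

```python
import hashlib
import hmac
import os

# Constructed golden boot chain (hypothetical component images).
GOLDEN_COMPONENTS = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]

# Constructed attestation key shared by the simulated TPM and the verifier.
# Stand-in for the TPM attestation key pair; not a real TPM key format.
AK_SECRET = b"constructed-attestation-key"


def extend_pcr(components):
    """Replay the TPM extend rule: pcr = SHA256(pcr || SHA256(component)).

    Order matters and there is no way to 'un-extend', which is why a changed
    or inserted component at any stage changes the final PCR value.
    """
    pcr = bytes(32)
    for component in components:
        pcr = hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()
    return pcr


def tpm_quote(components, nonce):
    """Simulated TPM: measure the boot chain and sign (PCR || nonce)."""
    pcr = extend_pcr(components)
    sig = hmac.new(AK_SECRET, pcr + nonce, hashlib.sha256).digest()
    return {"pcr": pcr, "nonce": nonce, "sig": sig}


def verify_quote(quote, expected_nonce, golden_pcr):
    """Verifier side: freshness first, then signature, then measurement."""
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return False, "stale or replayed quote"
    expected_sig = hmac.new(
        AK_SECRET, quote["pcr"] + quote["nonce"], hashlib.sha256
    ).digest()
    if not hmac.compare_digest(quote["sig"], expected_sig):
        return False, "bad signature"
    if not hmac.compare_digest(quote["pcr"], golden_pcr):
        return False, "boot chain measurement mismatch"
    return True, "ok"


def demo():
    """Return (genuine, tampered, replayed) verification results."""
    golden = extend_pcr(GOLDEN_COMPONENTS)
    nonce = os.urandom(16)

    # Untouched boot chain, fresh nonce: accepted.
    genuine = verify_quote(tpm_quote(GOLDEN_COMPONENTS, nonce), nonce, golden)

    # A modified kernel image changes the PCR, so the quote is rejected.
    tampered_chain = [b"firmware-v1", b"bootloader-v1", b"kernel-v1-modified"]
    tampered = verify_quote(tpm_quote(tampered_chain, nonce), nonce, golden)

    # A valid old quote presented against a new challenge is rejected.
    replayed = verify_quote(
        tpm_quote(GOLDEN_COMPONENTS, nonce), os.urandom(16), golden
    )
    return genuine, tampered, replayed


if __name__ == "__main__":
    for label, result in zip(("genuine", "tampered", "replayed"), demo()):
        print(f"{label}: {result}")
```

The verifier only learns "the measured chain equals the golden chain"; it says nothing about what that code does at run time, which is the gap the sibling comments about physical access and the IV trade-off are pointing at.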
Subject to the huge caveat that the attacker does not have physical access. https://tee.fail/
reply
An interesting implementation flaw, but not a conceptual problem with the design.
reply
Well, it kind of is actually. The previous iteration of the design didn't have that vulnerability but it was slower because managing IVs within the given constraints adds an additional layer of complexity. This is the pragmatic compromise so to speak.

Does it count as a conceptual problem when technical challenges without an acceptable solution block your goal?

reply
deleted
reply
If your threat model is being v& by feds, maybe you should keep your server at home behind Tor.
reply
Hosting a Tor outbound server at home is a stupid idea.

Your home is gonna be raided by police and you will wait months or a year to get your shit back, and then, if nothing, you're gonna be charged for having pirated Windows and Photoshop lol

real story

reply