MK-TME allows having memory encrypted at run time, and the platform TPM signs an attestation saying the memory was not altered.

Malicious code can't be injected at boot without breaking that TPM.

reply
Subject to the huge caveat that the attacker does not have physical access. https://tee.fail/
reply
An interesting implementation flaw, but not a conceptual problem with the design.
reply
Well, it kind of is actually. The previous iteration of the design didn't have that vulnerability, but it was slower because managing IVs within the given constraints adds an additional layer of complexity. This is the pragmatic compromise, so to speak.

Does it count as a conceptual problem when technical challenges without an acceptable solution block your goal?

reply
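An added illustration of the IV trade-off discussed in the comment above; this is example code written for this page, not code from the thread or from any vendor's memory-encryption engine. It assumes a toy keystream built from SHAKE-256 in place of the real cipher, a fixed constructed key, 16-byte blocks, and a constructed address and write sequence. It compares an address-only tweak (no per-write IV, nothing extra to store) against a per-write counter (the IV), showing that the first lets a passive bus observer notice when the same value is written back while the second does not, and what metadata the second has to keep per block. Because the toy is an XOR stream rather than a real tweakable block cipher, it should only be read as a demonstration of the equality leak.

```python
import hashlib

BLOCK = 16                                # bytes per encrypted memory block (constructed toy size)
KEY = b"constructed-demo-key-not-secret!"  # fixed constructed key so runs are reproducible


def _keystream(key: bytes, tweak: bytes, n: int) -> bytes:
    # Toy keystream from SHAKE-256(key || tweak). It stands in for the memory
    # encryption engine's cipher and is for illustration only: a real engine uses
    # a tweakable block cipher, so this XOR toy models only the equality leak.
    return hashlib.shake_256(key + tweak).digest(n)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class DeterministicMemory:
    """Tweak derived from the physical address only (no per-write IV).

    The same plaintext written to the same address always yields the same
    ciphertext, so whoever watches the bus learns when a value repeats or
    changes back, without knowing the key.
    """

    def __init__(self, key: bytes):
        self.key = key
        self.cells = {}                    # address -> ciphertext

    def _tweak(self, addr: int) -> bytes:
        return addr.to_bytes(8, "little")

    def write(self, addr: int, plaintext: bytes) -> bytes:
        assert len(plaintext) == BLOCK
        ct = _xor(plaintext, _keystream(self.key, self._tweak(addr), BLOCK))
        self.cells[addr] = ct
        return ct                          # what a bus observer sees

    def read(self, addr: int) -> bytes:
        return _xor(self.cells[addr], _keystream(self.key, self._tweak(addr), BLOCK))

    def metadata_bytes(self) -> int:
        return 0                           # nothing extra to store or fetch


class FreshIVMemory:
    """Tweak derived from the address plus a per-write counter (the IV).

    Every write gets fresh keystream, so repeated plaintexts no longer give
    repeated ciphertexts. The cost is the IV management the comment mentions:
    a counter per block must be stored, fetched on every read, bumped on every
    write, and never allowed to repeat.
    """

    def __init__(self, key: bytes):
        self.key = key
        self.cells = {}                    # address -> (counter, ciphertext)

    def _tweak(self, addr: int, ctr: int) -> bytes:
        return addr.to_bytes(8, "little") + ctr.to_bytes(8, "little")

    def write(self, addr: int, plaintext: bytes) -> bytes:
        assert len(plaintext) == BLOCK
        ctr = self.cells[addr][0] + 1 if addr in self.cells else 0
        ct = _xor(plaintext, _keystream(self.key, self._tweak(addr, ctr), BLOCK))
        self.cells[addr] = (ctr, ct)
        return ct

    def read(self, addr: int) -> bytes:
        ctr, ct = self.cells[addr]
        return _xor(ct, _keystream(self.key, self._tweak(addr, ctr), BLOCK))

    def metadata_bytes(self) -> int:
        return 8 * len(self.cells)         # one 8-byte counter per written block


def bus_trace(mem, addr: int, values):
    """Ciphertexts a passive bus observer would record for each write to addr."""
    return [mem.write(addr, v) for v in values]


def repeated_ciphertexts(trace) -> int:
    """Number of writes whose ciphertext had already appeared in the trace."""
    return len(trace) - len(set(trace))


if __name__ == "__main__":
    # Constructed workload: a value toggles and then returns to its first state.
    A, B = b"A" * BLOCK, b"B" * BLOCK
    for cls in (DeterministicMemory, FreshIVMemory):
        mem = cls(KEY)
        trace = bus_trace(mem, 0x1000, [A, B, A])
        print(cls.__name__, "repeats:", repeated_ciphertexts(trace),
              "metadata bytes:", mem.metadata_bytes(),
              "readback ok:", mem.read(0x1000) == A)
```

Run it and the deterministic variant reports one repeated ciphertext for the A, B, A sequence with zero metadata, while the counter variant reports none but has to carry 8 bytes of counter for the block; that stored and checked counter is the extra bookkeeping the earlier, slower design paid for.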