top | item 30053808


woobilicious | 4 years ago

The point of locking the CPU to a specific vendor is to reduce the trusted user base in the cloud.

Currently you have to trust AMD, the Vendor, and the data center with your data.

The goal of verification of the firmware at such a low level is to eliminate tampering by the data center.

Having another feature like SEV (encrypted memory) combined with this lets you create a secure remote box that is fully encrypted at a very early stage in the boot process.

This reduces the chance of a malicious entity at a data center tampering with the firmware to exfiltrate your keys.

Other people here are just ignorant and think it's being done purely for profit with no benefit to the end user.
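The trust reduction described in the comment above, as an added illustration that is not part of the original comment and not AMD's real SEV-SNP report format: a simplified model in Go in which the hardware measures the firmware it booted and signs the measurement with a key the tenant can trace to the CPU vendor, and the remote tenant trusts only the vendor public key plus its own knowledge of the expected firmware. Ed25519 stands in for the vendor-rooted chip key chain, the `attest-v1|` payload layout is invented, and the firmware images are constructed strings. The data center can run the box, but it can neither change the firmware without the measurement changing nor forge a report without the hardware key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AttestationReport is a simplified stand-in for a hardware attestation report
// (assumption: real reports carry far more fields). It binds the measurement of
// the firmware loaded at boot to a tenant-supplied nonce under a hardware signature.
type AttestationReport struct {
	Measurement []byte // SHA-256 of the firmware image the hardware actually booted
	Nonce       []byte // freshness value chosen by the tenant for this request
	Signature   []byte // Ed25519 signature over reportPayload(Measurement, Nonce)
}

// Measure models the hardware hashing the firmware before executing it.
func Measure(firmware []byte) []byte {
	h := sha256.Sum256(firmware)
	return h[:]
}

// reportPayload is the signed byte string. The measurement is a fixed 32 bytes,
// so a fixed prefix plus measurement plus nonce parses unambiguously.
func reportPayload(measurement, nonce []byte) []byte {
	p := append([]byte("attest-v1|"), measurement...)
	return append(p, nonce...)
}

// Attest models the chip producing a report: it measures the firmware it booted
// and signs (measurement || nonce) with the hardware key rooted in the vendor.
func Attest(hwKey ed25519.PrivateKey, firmware, nonce []byte) AttestationReport {
	m := Measure(firmware)
	return AttestationReport{
		Measurement: m,
		Nonce:       nonce,
		Signature:   ed25519.Sign(hwKey, reportPayload(m, nonce)),
	}
}

// Verify is what the tenant runs remotely. Its only trust inputs are the vendor's
// public key and the expected firmware; nothing the data center presents is
// accepted unless freshness, signature and measurement all check out.
func Verify(vendorPub ed25519.PublicKey, expectedFirmware, nonce []byte, r AttestationReport) error {
	if !bytes.Equal(r.Nonce, nonce) {
		return errors.New("nonce mismatch: report is stale or replayed")
	}
	if !ed25519.Verify(vendorPub, reportPayload(r.Measurement, r.Nonce), r.Signature) {
		return errors.New("signature not rooted in vendor key: report forged or not from genuine hardware")
	}
	if !bytes.Equal(r.Measurement, Measure(expectedFirmware)) {
		return errors.New("measurement mismatch: firmware was modified before boot")
	}
	return nil
}

// Scenario runs the four cases a tenant cares about and returns each verification
// result: a genuine box, a box whose firmware the data center modified, a report
// the data center forged with its own key, and an old report replayed for a new nonce.
func Scenario() (genuine, tampered, forged, replayed error) {
	vendorPub, hwKey, err := ed25519.GenerateKey(rand.Reader) // vendor-rooted hardware key
	if err != nil {
		panic(err)
	}
	_, dcKey, err := ed25519.GenerateKey(rand.Reader) // data center's own key: not trusted by the tenant
	if err != nil {
		panic(err)
	}
	goodFW := []byte("constructed: vendor firmware image v1.2")                    // constructed sample
	badFW := []byte("constructed: vendor firmware image v1.2 + key exfiltration hook") // constructed sample

	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	freshNonce := make([]byte, 16)
	if _, err := rand.Read(freshNonce); err != nil {
		panic(err)
	}

	genuine = Verify(vendorPub, goodFW, nonce, Attest(hwKey, goodFW, nonce))
	tampered = Verify(vendorPub, goodFW, nonce, Attest(hwKey, badFW, nonce))
	// The data center booted badFW but claims goodFW; it can only sign with its own key.
	forged = Verify(vendorPub, goodFW, nonce, Attest(dcKey, goodFW, nonce))
	// An earlier genuine report is resent for a later challenge with a fresh nonce.
	replayed = Verify(vendorPub, goodFW, freshNonce, Attest(hwKey, goodFW, nonce))
	return
}

func main() {
	g, t, f, r := Scenario()
	fmt.Println("genuine: ", g)
	fmt.Println("tampered:", t)
	fmt.Println("forged:  ", f)
	fmt.Println("replayed:", r)
}
```

The order of checks in `Verify` matters: the signature is checked before the measurement is compared, so an attacker who cannot sign never gets to influence the outcome by choosing what measurement to present. Encrypted memory (SEV) is the complementary piece the comment mentions; this model covers only the firmware-integrity half.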
