top | item 44919143

MagicalTux | 6 months ago

Intel audits configuration on system launch and verifies it runs something they know is safe. That involves CPU, CPU microcode, BIOS version and a few other things (SGX may not work if you don't have the right RAM, for example).

The final signature comes in the form of an X.509 certificate signed with ECDSA.

What's more important to me is that SGX still has a lot of security researchers attempting (and currently failing) to break it further.
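
The certificate-handling skeleton of the attestation MagicalTux describes, written here as an added example in Go (not code from the original thread, and not Intel's implementation): a pinned root key issues an ECDSA-signed X.509 certificate whose custom extension records the platform facts being attested (CPU SVN, microcode SVN, BIOS version), and a verifier checks the chain against that root, checks the signature algorithm, parses the extension and applies a minimum-TCB policy. The OID, the extension layout, the field names and the sample values are all constructed for illustration and do not model Intel's actual certificate format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical private-arc OID for the TCB extension; a stand-in, not Intel's real OID.
var tcbOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// tcbInfo is the constructed set of platform facts the signer vouches for.
// Exported fields so encoding/asn1 can marshal it as a SEQUENCE.
type tcbInfo struct {
	CPUSVN       int
	MicrocodeSVN int
	BIOSVersion  string
}

// newCA creates a self-signed ECDSA P-256 root: the "pinned" trust anchor.
func newCA() (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Attestation Root"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// issueLeaf signs a platform certificate with the root, embedding tcb as a
// non-critical extension. Only the root key can produce a valid one.
func issueLeaf(caKey *ecdsa.PrivateKey, ca *x509.Certificate, tcb tcbInfo) (*x509.Certificate, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ext, err := asn1.Marshal(tcb)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(2),
		Subject:         pkix.Name{CommonName: "Example Platform Attestation"},
		NotBefore:       time.Now().Add(-time.Hour),
		NotAfter:        time.Now().Add(24 * time.Hour),
		KeyUsage:        x509.KeyUsageDigitalSignature,
		ExtraExtensions: []pkix.Extension{{Id: tcbOID, Value: ext}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyAttestation is the relying party's check: chain to the pinned root,
// ECDSA signature algorithm, well-formed TCB extension, TCB at or above policy.
func verifyAttestation(trusted, leaf *x509.Certificate, minimum tcbInfo) (tcbInfo, error) {
	var got tcbInfo
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := leaf.Verify(opts); err != nil {
		return got, fmt.Errorf("chain does not terminate at pinned root: %w", err)
	}
	if leaf.SignatureAlgorithm != x509.ECDSAWithSHA256 {
		return got, fmt.Errorf("unexpected signature algorithm %v", leaf.SignatureAlgorithm)
	}
	var raw []byte
	for _, e := range leaf.Extensions {
		if e.Id.Equal(tcbOID) {
			raw = e.Value
		}
	}
	if raw == nil {
		return got, errors.New("certificate carries no TCB extension")
	}
	rest, err := asn1.Unmarshal(raw, &got)
	if err != nil || len(rest) != 0 {
		return got, errors.New("malformed TCB extension")
	}
	// Policy: the attested components must not be older than what we accept.
	if got.CPUSVN < minimum.CPUSVN || got.MicrocodeSVN < minimum.MicrocodeSVN {
		return got, fmt.Errorf("TCB %+v below policy minimum %+v", got, minimum)
	}
	return got, nil
}

func main() {
	caKey, ca, err := newCA()
	if err != nil {
		panic(err)
	}
	policy := tcbInfo{CPUSVN: 7, MicrocodeSVN: 5}
	// Constructed sample values, not a real platform's.
	good, _ := issueLeaf(caKey, ca, tcbInfo{7, 5, "EX-BIOS-1.2"})
	stale, _ := issueLeaf(caKey, ca, tcbInfo{7, 3, "EX-BIOS-1.2"})
	_, otherRoot, _ := newCA()
	fmt.Println(verifyAttestation(ca, good, policy))       // accepted
	fmt.Println(verifyAttestation(ca, stale, policy))      // rejected: stale microcode
	fmt.Println(verifyAttestation(otherRoot, good, policy)) // rejected: wrong root
}
```

The two rejection paths are the ones a relying party actually depends on: a certificate signed by anyone other than the pinned root fails before its contents are even read, and a certificate that is genuine but describes a platform below the accepted TCB level fails the policy step, which is where "something they know is safe" is decided in practice.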

junon | 6 months ago

Depends on your threat model. You cannot, under any circumstances, prove (mathematically) that a peer is the only controller of a private key.

Again, I would love to know if I'm wrong.

The fact that no publicly disclosed threat actor has been identified says nothing.

doublerebel | 6 months ago

Proving a negative, that information has not been shared, has been a challenge from the beginning of information.

Are you suggesting a solution for this situation?