by lkiux 3576 days ago
Does this, like SGX, require signing by AMD itself?

This is a major letdown for SGX adoption, making it essentially useless for anyone but maybe niche markets trying to protect IP on cloud services.

If a master key COULD be loaded by the OS early at boot time (and cannot be replaced until CPU reset), it would be incredibly useful to create software-based TPM services that provide trusted isolation where needed.

It seems as if intel/amd are doing this 'just because die space is cheap, and why not try "ip-protection-as-a-service"' instead of a truly generic solution.

2 comments

> Does this, like SGX, require signing by AMD itself?

I don't know the answer to this question, but AMD does tend to be more "open" than their competitors (look at FreeSync vs Gsync). So maybe there is hope here.

I think Intel backed away from the documentation that implied all signed enclaves had to go through them. I think people can attest their own SGX enclaves.

Really? Where did you hear/see that? Would be really interested to get a link.

Unless the docs changed from last time I read them, those MSRs aren't one shot.

Also, the fact that anyone at Intel calls the signing system a "root of trust" makes me think that Intel is deluding itself. It's a root of licensing authority, not a root of trust in the system. You could set those MSRs to a public key for which everyone knows the private key and everything would work just fine.
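The last comment's point, as an added worked example that is not part of the thread and not Intel's or AMD's code: SGX launch control on Flexible Launch Control parts is a hash pin, the IA32_SGXLEPUBKEYHASH0..3 MSRs (0x8C..0x8F) hold a SHA-256 of the launch enclave signing key's RSA-3072 modulus, and whoever writes those MSRs decides which signer is "permitted". The byte order used below (modulus serialised little-endian as in SIGSTRUCT, digest split into four little-endian 64-bit words) is my assumption about the layout, and the two moduli are constructed placeholders, not real keys. The `audit_platform` helper is the defender-side use: compare what firmware or the OS pinned against the key you expect, and notice that pinning a key whose private half is public turns the check into a no-op rather than a root of trust.

```python
import hashlib
from typing import Sequence, Tuple

MODULUS_BYTES = 384  # RSA-3072 modulus, as carried in an SGX SIGSTRUCT

# Constructed placeholder moduli (not real keys, not on the page).
EXPECTED_MODULUS = (1 << 3071) | 0x0BAD_CAFE_1234_5679        # key your org signs with
WELL_KNOWN_MODULUS = (1 << 3071) | 0x0123_4567_89AB_CDEF       # "everyone knows the private key"


def lepubkeyhash_words(modulus: int) -> Tuple[int, int, int, int]:
    """Values that IA32_SGXLEPUBKEYHASH0..3 would hold for a signer modulus.

    Assumption: SHA-256 over the 384-byte little-endian modulus, digest split
    into four little-endian u64 words (word 0 = digest bytes 0..7)."""
    mod_le = modulus.to_bytes(MODULUS_BYTES, "little")
    digest = hashlib.sha256(mod_le).digest()
    return tuple(int.from_bytes(digest[i * 8:(i + 1) * 8], "little") for i in range(4))


def expected_digest_hex(modulus: int) -> str:
    """Reference digest, computed directly, for cross-checking the MSR split."""
    return hashlib.sha256(modulus.to_bytes(MODULUS_BYTES, "little")).hexdigest()


def words_to_digest_hex(words: Sequence[int]) -> str:
    """Reassemble four MSR words (e.g. from rdmsr 0x8c..0x8f) into the digest."""
    return b"".join(w.to_bytes(8, "little") for w in words).hex()


def launch_permitted(msr_words: Sequence[int], signer_modulus: int) -> bool:
    """Model of the EINIT check: a launch enclave signed by `signer_modulus`
    is accepted iff its key hash equals what the MSRs are pinned to."""
    return tuple(msr_words) == lepubkeyhash_words(signer_modulus)


def audit_platform(observed_words: Sequence[int], expected_modulus: int) -> str:
    """Defender view: classify what the platform is actually pinned to."""
    if launch_permitted(observed_words, expected_modulus):
        return "pinned-to-expected-key"
    if launch_permitted(observed_words, WELL_KNOWN_MODULUS):
        # Anyone holding the public private key can sign a launch enclave,
        # so the pin grants permission to everybody: licensing, not trust.
        return "pinned-to-well-known-key"
    return "pinned-to-unknown-key"


if __name__ == "__main__":
    pinned = lepubkeyhash_words(EXPECTED_MODULUS)
    print("MSR words:", [hex(w) for w in pinned])
    print("digest   :", words_to_digest_hex(pinned))
    print("expected signer permitted:", launch_permitted(pinned, EXPECTED_MODULUS))
    print("other signer permitted   :", launch_permitted(pinned, WELL_KNOWN_MODULUS))
    print("audit:", audit_platform(lepubkeyhash_words(WELL_KNOWN_MODULUS), EXPECTED_MODULUS))
```

On a Linux box with msr-tools, `rdmsr 0x8c` through `rdmsr 0x8f` give the four observed words to feed into `audit_platform`; whether the values can be rewritten after boot depends on the FEATURE_CONTROL lock, which is the "one shot" question raised in the thread.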