Hacker News
by
throwaway2048
3013 days ago
There is no way to "highly isolate" a VM from a host.
2 comments
lostmsu
3013 days ago
But there is (though I think they don't use it): TPM-based host attestation.
throwaway2048
3013 days ago
The Microsoft Secure Boot golden key got leaked; anything based on Secure Boot as a root of trust is 100% blown wide open.
https://web.archive.org/web/20170604013028/https://rol.im/se...
lostmsu
3002 days ago
I am not sure this depends on TPM. Care to share a link?
JensRex
3013 days ago
If you don't want to claw your eyes out while reading:
https://bpaste.net/show/571ef50296ac
q3k
3013 days ago
Theoretically possible via SGX.
mmozeiko
3013 days ago
Which can be defeated with SgxSpectre:
https://arxiv.org/abs/1802.09085
snuxoll
3013 days ago
Oh goodie, I wonder if Netflix is going to disable 4K support on PC as a result of this (the requirement for Skylake was due to SGX).
gruez
3013 days ago
Worthless if the GPU doesn't have something similar. Otherwise you can monitor the PCIe lanes for all the data the CPU is sending over to the GPU.