by the_rectifier 1784 days ago
Dumping VM memory contents is pretty trivial.

AMD's SEV and Intel's SGX should protect from this. Of course, you still have to take the VPS provider's word that they've enabled them on their CPUs.

...which is approximately zero VPS providers. I haven't seen them advertised outside of specialty Azure/AWS instance types.

> you still have to take the VPS provider's word that they've enabled them

No, you don't. Both of those implementations provide hardware attestation via vendor keys securely embedded in the CPU. I have no idea if any providers currently make such features available though.

That is for applications specifically written to compute on the secure element, no?

The parent poster probably got his terminology confused. AFAIK SGX runs on the secure element, SEV is for isolating the VM from the host.