by kmeisthax 1163 days ago
So, if I remember correctly AMD PSP started out as a response to Intel ME, whose main selling point at the time was that businesses could remote into a compromised system and wipe malware without the malware being able to fight back. PSP also enables a few other things like encrypted virtualization - being able to lock AWS's staff out of the contents of my VMs' memory. That sort of feature isn't really useful to individual consumers.

SGX is an interesting case since Intel actually axed the feature a year ago. The only thing it did was enable more DRM for 4K Blu-Rays, and Hollywood's response to that feature going away has been to just refuse to let you play 4K Blu-Rays on PCs.

I'm not sure what other feature is involved here that would make sense in this use case. I mean, yes, PSP also can be used to enforce BIOS signing requirements, but the whole point of Coreboot is to be able to have a Free-as-in-freedom BIOS that you can legally and technically modify. If you wanted to do Apple-style secure local signing[0] of the modified BIOS, that'd be cool, but as far as I'm aware that's not on offer. So the PSP is a security deadweight for the kinds of techies that would care about Free BIOS.

Furthermore, there IS a very large customer that has wanted to remove these kinds of secure enclaves from their systems: the US government, specifically the National Security Administration[1]. There's a special configuration option in Intel ME to turn off everything but basic system bring-up. Why would the NSA want to turn off "privacy and security software" on their own machines? Well, again, the whole "wipe a compromised system without the malware being able to resist" thing implies that this isn't merely a security enclave, but a backdoor that could be compromised by a third-party. If you aren't specifically using that remote management stuff, you want the ME to be as brain-dead as possible.

[0] On Apple silicon that is fused for Macs, the bootloader allows booting operating systems that are signed with the Secure Enclave's local key. There is no unsigned boot; instead the Owner account on macOS has to authorize signing a new third-party OS in a special recovery mode in order to install, say, Linux or whatever.

Oh, and Apple doesn't actually give the Secure Enclave the ability to mess with the main application processor. It's more akin to a TPM, where it can withhold encryption keys from the regular OS but it can't actively snoop on it. So they also understand why PSP/ME were bad ideas.

[1] https://www.csoonline.com/article/3220476/researchers-say-no...

> So, if I remember correctly AMD PSP started out as a response to Intel ME, whose main selling point at the time was that businesses could remote into a compromised system and wipe malware without the malware being able to fight back.

Do you have a source for this?

> SGX is an interesting case since Intel actually axed the feature a year ago. The only thing it did was enable more DRM for 4K Blu-Rays, and Hollywood's response to that feature going away has been to just refuse to let you play 4K Blu-Rays on PCs.

Signal used Intel SGX for remote attestation of their servers and is also using it for their upcoming username/password features to generate keys without Signal's knowledge (since it's a private enclave).

> Furthermore, there IS a very large customer that has wanted to remove these kinds of secure enclaves from their systems: the US government, specifically the National Security Administration[1]. There's a special configuration option in Intel ME to turn off everything but basic system bring-up. Why would the NSA want to turn off "privacy and security software" on their own machines? Well, again, the whole "wipe a compromised system without the malware being able to resist" thing implies that this isn't merely a security enclave, but a backdoor that could be compromised by a third-party. If you aren't specifically using that remote management stuff, you want the ME to be as brain-dead as possible.

I need a source saying PSP has remote management capability.

> Oh, and Apple doesn't actually give the Secure Enclave the ability to mess with the main application processor. It's more akin to a TPM, where it can withhold encryption keys from the regular OS but it can't actively snoop on it. So they also understand why PSP/ME were bad ideas.

What does "snoop" mean here? How can PSP "snoop" without remote management capability?