by comex
980 days ago
That is not the case for the latest CPU extensions for encrypted VMs, AMD SEV-SNP and Intel TDX, which are designed to allow remote attestation based on a key hidden in the CPU that the hypervisor does not get access to. The hypervisor only ever sees the VM’s memory in encrypted form, and it’s integrity-checked by the CPU to prevent replay attacks.

Besides, a nation-state actor can compel Intel to disclose your CPU's key.