For reference, this is talking about Intel SGX (though they also funded AMD's SEV, which is what Google uses internally). Unlike the negative spin put on this by Politico, it does have actual tangible use cases in encryption and in locking down your attack surface from a process-based attack standpoint, as well as minimizing side-channel attacks. When you're dealing with nation-state-level espionage, it's a valid attack surface. This is also the underlying research that enabled the entire Confidential Computing segment (e.g. Fortanix and Hashicorp Vault).

Edit: What is confidential computing? Basically, how to process data in use without knowing the underlying data itself. So, if I need to train a model on PII, I can encrypt that PII dataset yet still get an equally functional model. This means requiring trusted execution on R/W+ functions, ideally via some form of a trusted VM. Sort of like eBPF's VM, but even lower in the stack.
Every modern smartphone user benefits from the mobile flavors of confidential computing today, protecting biometrics or mobile pay wallets with implementations like Apple's Secure Enclave or Samsung Knox (based on ARM TrustZone).
It protects against real attacks seen in the wild. For example, Volt Typhoon (state-level actor), as reported by CISA (https://www.cisa.gov/news-events/cybersecurity-advisories/aa...), or the attack against CircleCI in 2023, as I wrote in https://www.anjuna.io/blog/memory-dumping-attacks-are-not-ju... .
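To make the "memory dumping" attack class concrete, here is an added example (not the commenter's code and not from the Anjuna post; the `SecretHolder` component and the `CC_DEMO_SECRET:` marker are constructed for the demo). A process keeps an API key in plaintext memory, and a scanner walks `/proc/self/maps` and reads `/proc/self/mem` to recover it. The script reads its own address space so it runs stand-alone without ptrace privileges; the identical read against `/proc/<pid>/mem` of another process is what root, a debugger or a compromised host agent does, and it is exactly the read that encrypted enclave or VM memory (SGX, SEV) is designed to turn into ciphertext. Linux only, since it depends on procfs.

```python
"""Constructed demo: recover a plaintext secret from process memory via procfs."""
import os
import re
from typing import Iterator, Set, Tuple

# The scanner keys on this marker. The compiled pattern's own bytes
# ("CC_DEMO_SECRET:([0-9a-f]{32});") are also in memory but do not match it,
# so every hit is a real secret blob, not the regex literal.
MARKER = b"CC_DEMO_SECRET:"
PATTERN = re.compile(rb"CC_DEMO_SECRET:([0-9a-f]{32});")


class SecretHolder:
    """Stand-in for any service that holds a credential in RAM (constructed)."""

    def __init__(self) -> None:
        self.api_key = os.urandom(16).hex()
        # Keep a reference so the blob stays alive while we scan; real services
        # keep keys alive for far longer than this (connection pools, caches).
        self.blob = MARKER + self.api_key.encode() + b";"


def readable_regions() -> Iterator[Tuple[int, int]]:
    """Yield (start, end) of every readable mapping of the current process."""
    with open("/proc/self/maps") as maps:
        for line in maps:
            fields = line.split()
            start_s, end_s = fields[0].split("-")
            perms = fields[1]
            name = fields[5] if len(fields) > 5 else ""
            # Skip kernel-provided pages that cannot be read through /proc/pid/mem.
            if perms[0] != "r" or name in ("[vvar]", "[vsyscall]"):
                continue
            yield int(start_s, 16), int(end_s, 16)


def dump_memory_keys() -> Set[str]:
    """Scan this process's memory and return every API key found in plaintext."""
    found: Set[str] = set()
    # buffering=0 gives a raw FileIO so seek/read map directly to the kernel.
    with open("/proc/self/mem", "rb", 0) as mem:
        for start, end in readable_regions():
            try:
                mem.seek(start)
                chunk = mem.read(end - start)
            except (OSError, ValueError, OverflowError):
                # Regions that vanish mid-scan or cannot be read are skipped.
                continue
            for m in PATTERN.finditer(chunk):
                found.add(m.group(1).decode())
    return found


if __name__ == "__main__":
    holder = SecretHolder()
    leaked = dump_memory_keys()
    print("key held by service :", holder.api_key)
    print("keys recovered from RAM:", sorted(leaked))
    print("leaked" if holder.api_key in leaked else "not found")
```

Note that zeroing the key after use, or avoiding swap, does not change the outcome: the secret must be in cleartext at the moment the CPU uses it, and any principal that can read the process's pages at that moment gets it. A TEE moves the trust boundary so that the host kernel and hypervisor see only encrypted pages, which is the property the comment above is pointing at.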