|
|
|
|
|
|
by goldsteinq
407 days ago
|
|
|
It’s kinda hard to find out from this website who do you trust in this model. I think the answer is that you trust the hardware manufacturer: the initial attestation uses private key built into the hardware, and NVIDIA could, in principle, have a copy of that key. A bigger question is where is the source code for enclave containers. They have a lot of repos on their GitHub, but it’s really not clear how to use it to reproduce their images. |
|
|