[amanda99]

Does this not require one to trust the hardware? I'm not an expert in hardware root of trust, etc, but if Intel (or whatever chip maker) decides to just sign code that doesn't do what they say it does (coerced or otherwise) or someone finds a vuln; would that not defeat the whole purpose?

I'm not entirely sure this is different than "security by contract", except the contracts get bigger and have more technology around them?

[natesales]

We have to trust the hardware manufacturer (Intel/AMD/NVIDIA) designed their chips to execute the instructions we inspect, so we're assuming trust in vendor silicon either way.

The real benefit of confidential computing is to extend that trust to the source code too (the inference server, OS, firmware).

Maybe one day we’ll have truly open hardware ;)

[ignoramous]

Hi Nate. Routinely your various networking-related FOSS tools. Surprising to see you now work in the AI infrastructure space let alone co-founding a startup funded by YC! Tinfoil looks über neat. All the best (:

> Maybe one day we'll have truly open hardware

At least the RoT/SE if nothing else: https://opentitan.org/

[julesdrean]

Love Open Titan! RISC-V all the way babe! The team is bunker: several of my labmates now work there

[perching_aix]

Isn't this not the case for FHE? (I understand that FHE is not practically viable as you guys mention in the OP.)

[FrasiertheLion]

Yeah not the case for FHE. But yes, not practically viable. We would be happy to switch as soon as it is.

[rkagerer]

I agree, it's lifting trust to the manufacturer (which could still be an improvement over the cloud status quo).

Another (IMO more likely) scenario is someone finds a hardware vulnerability (or leaked signing keys) that let's them achieve a similar outcome.