Hacker News new | ask | show | jobs
by MagicalTux 309 days ago
Intel audits configuration on system launch and verifies it runs something they know safe. That involves CPU, CPU microcode, BIOS version and a few other things (SGX may not work if you don't have the right RAM for example).

The final signature comes in the form of a x509 cerificate signed with ECDSA.

What's more important to me is that SGX still has a lot of security researchers attempting (and currently failing) to break it further.
1 comments
junon 309 days ago
Depends on your threat model. You cannot, under any circumstance, prove (mathematically) that a peer is the only controller of a private key.

Again, I would love to know if I'm wrong.

The fact that no publicly disclosed threat actor has been identified says nothing.

link
doublerebel 308 days ago
Proving a negative that information has not been shared has been a challenge from the beginning of information.

Are you suggesting a solution for this situation?

link
pydry 308 days ago
In this case it's rather like trusting that a government issued private key has not been stored by the government for further use.
link