[Agingcoder]

Ok I thought that was the whole point of things like Intel TDX , AMD SEV and various enclave mechanisms which provide full ram encryption and attestation ?

The only issue left would be managed services though, which then I wouldn’t use, but I’d be able to run my own postgre safely on infra I’m renting.

[fragmede]

Supposedly, yes, but in a world that was caught flat footed with RowHammer, Spectre, and Meltdown; if I wouldn't trust those with a lot of other people's lives within a shared Cloud environment.

Intel's SGX has been broken a number of times and that should be harder to break than TDX. Like I said in my original comment though, do all the things. But if you find yourself relying on TDX to protect live(s), please pay a computer security professional to audit your security and do a threat assessment.

[fragmede]

eg, https://news.ycombinator.com/item?id=45746753

[Agingcoder]

Point taken, thanks a lot for playing along.

I’ll do all the things if ever needed, but I get that if a cloud act request happens , your cloud provider will be able to get your stuff.

I’m specialized enough in another field to know that I’m not a security person in spite of my interest in it ( I used to enjoy reverse engineering back in the days ) - I wouldn’t make that kind of decision without consulting a professional first.