by cwmma 97 days ago
In theory you only need to trust the hardware to be correct: since it doesn't have the decryption key, the worst it can do is give you a wrong answer. In theory.

But can you trust the hardware encryption to not be backdoored, by design?

That's my point, this sounds like a way to create a backdoor for at-rest data.

By design, you don't trust it. You never hand out the keys so there's no secret to back door. The task is never unencrypted, at rest or otherwise.
You can if the manufacturer has a track record that refutes the notion, and especially if they have verifiable hardware matching publicly disclosed circuit designs. But this is Intel; with their track record, I wouldn't trust it even if the schematics were public. Intel ME not being disable-able by consumers, while being entirely omitted for certain classes of government buyers, tells me everything I need to know.
Well yeah... You do the initial encryption yourself by whatever means you trust.
There is no hardware encryption or decryption.

I encrypt some data and keep the key. I send the encrypted data to you (probably some cloud provider). I tell you to do some operations on the data. I don't tell you the key or what the data is or what the operations mean. You send the results back to me. I use the key to decrypt them.

You have helped me with my compute task, but the data you have is totally meaningless without the key, and only I have the key.

It's hard to believe that it's possible to make encryption where this can do useful work, but it is.
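As an added example (not code from the thread or from any vendor), here is the flow just described in a toy additively homomorphic scheme: textbook Paillier, with constructed small primes and function names of my own, where the "cloud" adds and scales ciphertexts using only the public key.

```python
# Added example: toy Paillier cryptosystem (additively homomorphic).
# The party doing the work never holds the private key; it can only
# combine ciphertexts, and only the client can read the result.
# Assumptions: textbook Paillier with g = n + 1; tiny constructed primes
# for readability (real deployments use ~1024-bit primes and a vetted library).
import math
import secrets

def keygen(p: int, q: int):
    """Return (public_key, private_key) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                 # lambda^-1 mod n
    return (n, n + 1), (lam, mu)

def encrypt(pub, m: int) -> int:
    n, g = pub
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1          # fresh randomness per ciphertext
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n2) * pow(r, n, n2)) % n2

def decrypt(pub, priv, c: int) -> int:
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n           # L(u) * mu mod n, L(u) = (u-1)/n

# --- operations the untrusted party performs with the public key only ---
def add_encrypted(pub, c1: int, c2: int) -> int:
    n, _ = pub
    return (c1 * c2) % (n * n)               # E(a) * E(b) = E(a + b)

def scale_encrypted(pub, c: int, k: int) -> int:
    n, _ = pub
    return pow(c, k, n * n)                  # E(a)^k = E(k * a)

def demo() -> int:
    """Client encrypts, 'cloud' computes 3*a + b blind, client decrypts."""
    pub, priv = keygen(10007, 10009)         # constructed toy primes
    a, b = 1234, 5678
    ca, cb = encrypt(pub, a), encrypt(pub, b)   # only ciphertexts leave the client
    result_ct = add_encrypted(pub, scale_encrypted(pub, ca, 3), cb)
    return decrypt(pub, priv, result_ct)        # 3*1234 + 5678 = 9380

if __name__ == "__main__":
    print(demo())
```

Note that the cloud side learns neither a, b nor the result; as the comment above says, a dishonest or faulty machine can only return a wrong answer, not leak the plaintext.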

> That's my point, this sounds like a way to create a backdoor for at-rest data.

I get the feeling honestly it seems more expensive and more effort to backdoor it.