Article note: It's almost like introducing piles of hideously complicated features with poorly-understood interactions to processors is not conducive to security.
Especially ones specifically designed to cross-cut the security model of the processor and let people-not-the-computer's-owner run code privileged outside the normal hierarchy.
Now strap in for another round of feature-disabling, performance sapping microcode updates.
For the past two years, modern CPUs—particularly those made by Intel—have been under siege by an unending series of attacks that make it possible for highly skilled attackers to pluck passwords, encryption keys, and other secrets out of silicon-resident memory. On Tuesday, two separate academic teams disclosed two new and distinctive exploits that pierce Intel’s Software Guard eXtension, by far the most sensitive region of the company’s processors.
Abbreviated as SGX, the protection is designed to provide a Fort Knox of sorts for the safekeeping of encryption keys and other sensitive data even when the operating system or a virtual machine running on top is badly and maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system.
Key to the security and authenticity assurances of SGX is its creation of what are called enclaves, or blocks of secure memory. Enclave contents are encrypted before they leave the processor and are written in RAM. They are decrypted only after they return. The job of SGX is to safeguard the enclave memory and block access to its contents by anything other than the trusted part of the CPU.
Article note: Rentseeking the rentseeekrs.
We really need more online public spaces that are actually public, not just hustles done up to look like communities.
Reddit is commercialized usenet, the "unbundled" craigslists FTA are all _pure_ rentseeks.