TEEs should never be the fundamental component of security. They should only be defense in depth. That being said, TEEs directly embedded in the main processor of a computer are unlikely to be secure. On top of microcode updates frequently being able to modify the TEE's functionality, shared caches, shared power draw, and timing side channels (either all or some, depending on the implementation) contribute to leakage and exploitation vectors. There is a reason that actual security hardening for things that matter (high value keys, sensitive compartmented information, etc.) goes to extraordinary lengths to airgap things, down to separate, scrubbed power mains, thick concrete walls, separate furniture for devices to rest on, etc.