Lyron Co Ting Keh
@lyronctk
"Wtf, we already scrapped TEEs in 2019, how can people forget" - common complaint floating around now Isn't accurate. Current discourse isn't "forgetting" and pushing the same approach again. The landscape has completely changed since 2019: - [1] Alternative risks to not deploying enclaves have increased. Eg: risk of casino winning - [2] Complementary technologies that patch up enclave shortcomings have been productionized. Eg: zkVMs - [3] Clearer now that exotic forms of cryptography won't get the job done anytime soon. Eg: attribute-based encryption - [4] New virtualization-based enclave designs available. Eg: TDX This is technology. Trying old ideas again under new conditions is the backbone of our innovation cycle. If "we've tried that already" was our industry's motto, we wouldn't have Tesla, Oculus, or even Bitcoin.
2 replies
0 recast
6 reactions
EulerLagrange.eth
@eulerlagrange.eth
TDX isn’t actually better except for cloud hosts like AWS/Gcloud. It’s a better abstraction, but it’s done at the OS level. So you inherit the security issues with the OS. If that libzma vulnerability was there for OS image run on TDX, then the attacker could still SSH in and potentially change any running services
2 replies
0 recast
3 reactions
Hang Yin
@h4x3rotab
It's also the worry of a lot of early SGX adopters. Flashbots team is building on yoctoproject.org to ship a minimized Linux image in TDX. However, the benefit of having an OS is too attractive to developers to just ship something working.
0 reply
0 recast
0 reaction
Lyron Co Ting Keh
@lyronctk
fair point! i was referring to it here in the context of cloud hosts
0 reply
0 recast
0 reaction
