Lyron Co Ting Keh
@lyronctk
"Wtf, we already scrapped TEEs in 2019, how can people forget" - common complaint floating around now Isn't accurate. Current discourse isn't "forgetting" and pushing the same approach again. The landscape has completely changed since 2019: - [1] Alternative risks to not deploying enclaves have increased. Eg: risk of casino winning - [2] Complementary technologies that patch up enclave shortcomings have been productionized. Eg: zkVMs - [3] Clearer now that exotic forms of cryptography won't get the job done anytime soon. Eg: attribute-based encryption - [4] New virtualization-based enclave designs available. Eg: TDX This is technology. Trying old ideas again under new conditions is the backbone of our innovation cycle. If "we've tried that already" was our industry's motto, we wouldn't have Tesla, Oculus, or even Bitcoin.
2 replies
0 recast
5 reactions
Lyron Co Ting Keh
@lyronctk
Yes, there are critical flaws with hardware security assumptions that must be addressed. Yes, many current proponents have never actually written TEE code. No, this is not an entire industry being classically insane. Conditions are different. TEEs are worth revisiting.
0 reply
0 recast
3 reactions
EulerLagrange.eth
@eulerlagrange.eth
TDX isn’t actually better except for cloud hosts like AWS/Gcloud. It’s a better abstraction, but it’s done at the OS level. So you inherit the security issues with the OS. If that libzma vulnerability was there for OS image run on TDX, then the attacker could still SSH in and potentially change any running services
2 replies
0 recast
2 reactions