| 1 |
On Thu, Feb 25, 2016 at 2:06 PM, Mick <michaelkintzios@×××××.com> wrote: |
| 2 |
> On Wednesday 24 Feb 2016 19:08:42 Rich Freeman wrote: |
| 3 |
>> On Wed, Feb 24, 2016 at 4:05 AM, Frank Steinmetzger <Warp_7@×××.de> wrote: |
| 4 |
>> > Well my concern was more that SGX would provide leverage for even more |
| 5 |
>> > eavesdropping, rather than prohibit it. |
| 6 |
>> |
| 7 |
>> Yeah, I'm one of those persons who tends to consider most fears of |
| 8 |
>> TPMs and UEFI overblown, but these CPUs that almost have independent |
| 9 |
>> CPUs inside with full RAM+hardware access which are secured against |
| 10 |
>> the main CPU do concern me quite a bit. |
| 11 |
> |
| 12 |
> You have to see this from a demand angle of the computing market. I suspect |
| 13 |
> Intel is just responding to market demand for 'better security'. For big |
| 14 |
> corporates better security means protection from internal (employees) as well |
| 15 |
> as external threats. Most CIOs would sleep comfortably in the thought that |
| 16 |
> they can blame Intel when things go sideways and try to keep their jobs among |
| 17 |
> the blame-fest and ricochets that ensues. Of course our concept of security |
| 18 |
> (who we trust with our computing) is orthogonal to your average CIO's out |
| 19 |
> there who are invariably acting as a procurement agent. Dare I observe, we do |
| 20 |
> not really feature as a target market for Intel. |
| 21 |
> |
| 22 |
|
| 23 |
All they need to do is provide the private key associated with the CPU |
| 24 |
to the owner upon purchase. In the case of a corporate computer, the |
| 25 |
corporation gets the keys to the PC. |
| 26 |
|
| 27 |
Most people wouldn't bother making any use of the key. However, those |
| 28 |
who are interested could sign libreboot or whatever with it and now |
| 29 |
they have full control over their PC. Indeed, they could then use |
| 30 |
that control to ensure that nobody else goes tampering with their PC, |
| 31 |
which is in fact the intended purpose of this feature anyway. |
| 32 |
|
| 33 |
The problem is that Intel's solution effectively gives them a |
| 34 |
back-door into everybody's PC. |
| 35 |
|
| 36 |
-- |
| 37 |
Rich |
Archives