Source: www.schneier.com – Author: Bruce Schneier
Comments
Who? • February 11, 2025 11:04 AM
Not sure about other TEEs, but at least Intel® Software Guard Extensions™ (SGX) has fixed some of the vulnerabilities described in this article in recent years by means of firmware upgrades.
It would be great if current operating systems started using these TEEs; even if these enclaves are far from perfect, they are another layer in a security model. Right now we have limited support for VM memory encryption, but no way to use SGX to, say, store OpenSSH encryption keys. Only Linux has some sort of support for SGX, but to my knowledge it is not enabled by default.
Who? • February 11, 2025 11:12 AM
Markus Friedl has done great work supporting SGX as a FIDO-style authenticator; however, being an OpenBSD developer, his work is available only on Linux. It is sad not to have support for SGX in OpenBSD.
Original Post URL: https://www.schneier.com/blog/archives/2025/02/trusted-encryption-environments.html
Category & Tags: Uncategorized, academic papers, encryption