back to article Red Hat smitten by secure enclaves 'cos some sysadmins are evil

Red Hat has revealed a plan to to work with CPU-makers so that its wares can take advantage of in-silicon security features such as secure enclaves. The company today told attendees at its 2018 Summit in San Francisco that it will work with major silicon shops, including Arm, Intel, and AMD, to move operations such as handling …

  1. whitepines
    Facepalm

    So this just...moves the risk upstream past the OS vendor to the chip vendor, where there is zero chance for a mere mortal to be able to demand that the vendor fix anything security-wise, and where a stellar track record for bad code already exists (Intel ME, etc.)...

    Sounds like some rear-end-covering for RedHat, and another win for the ever-growing Orwellian spy apparatus (do you really think Intel is going to fight NSLs or publish secret information requests?). Plus, some extra cash to the vendors for another pay-as-you-go blind trust scheme ala SSL certificates.

    1. Will Godfrey Silver badge

      Strange... That was my first thought too as I was reading the article.

  2. Chairman of the Bored

    Totally agree with first two posters...

    ...and will add the observation that security research and peer review becomes significantly harder.

    1. Anonymous Coward
      Anonymous Coward

      Re: Totally agree with first two posters...

      Amen. Is it time to start thinking about applying fuzzing to the secure enclave yet? That may be the only way to find the seams in that code.

      1. Pascal Monett Silver badge
        Coat

        Re: "may be the only way to find the seams in that code"

        Well, you could try reverse-engineering with electron microscope, but you'd likely find the FBI beating down your door with a DCMA takedown and at least ten years on a plea bargain, so yeah, fuzzing the secure enclave sounds like a good idea . . for now.

      2. Michael Wojcik Silver badge

        Re: Totally agree with first two posters...

        Is it time to start thinking about applying fuzzing to the secure enclave yet? That may be the only way to find the seams in that code.

        It's not like people haven't already found problems with, say, Intel's SGX. Or with other secure enclave implementations.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like