FRESH

Hacker News

New attacks are diluting secure enclave defenses from Nvidia, AMD, and Intel

71 points by voxadam

by codedokode

5 subcomments

As I understand, the purpose of "secure enclaves" is to enforce DRM, copyright protection, anti-debugging measures, so breaking them is a good thing.

by immibis

1 subcomments

Good. I like the idea of a secure enclave that I own and control when it's in my computer but in practice almost all of them are deployed in a user-hostile way to the benefit of shareholders, to the point that burning the whole idea down would improve society. Imagine if every ROM and piece of CPU microcode was a lot more transparent.
These things are often used because of contractual requirements. Mainstream media including video games are often contractually protected: you must not let it run/play on any device without sufficient hardware protections. So vendors have to include these protection systems even if they don't want to. If the systems were useless, this might end.

by Whinner

4 subcomments

From the article, "The low-cost, low-complexity attack works by placing a small piece of hardware between a single physical memory chip and the motherboard slot it plugs into. It also requires the attacker to compromise the operating system kernel". "Low-complexity" requires physical access and an OS compromise? What the hell would high complexity be?

by ForHackernews

2 subcomments

A wise elder once told me, "There are no secrets in silicon." (e.g. https://www.sciencedirect.com/science/article/abs/pii/S00262...)
If an attacker with time and resources has physical access, you are doomed.

by 7e

1 subcomments

"All three chipmakers exclude physical attacks from threat models for their TEEs."
So, working as intended.

by rhodey

2 subcomments