#remoteattestation — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #remoteattestation, aggregated by home.social.
-
Reproducible builds are a valuable property for remote attestation workflows but often hard to maintain. We faced a special challenge building reproducible artifacts that contain signatures.
Together with @Euler I wrote a blog post about how we used ECDSA public key recovery to generate signatures that match exactly one artifact, can be reproduced by a verifier, and are secure, without anyone ever knowing a private key.
https://katexochen.aro.bz/posts/reproducible-secure-signatures/
#ReproducibleBuilds #RemoteAttestation #Cryptography #ConfidentialComputing #Infosec
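The recovery trick the post refers to, as an added illustration that is not the blog post's or its authors' code: ECDSA public-key recovery lets you pick a signature (r, s) first, hash the artifact that embeds it, and then compute the one public key Q under which that signature verifies, so no private key ever exists. Everything below that the post does not state is an assumption of this example: NIST P-256, SHA-256, an artifact layout of payload || r || s, r and s derived deterministically from the payload, and an even-y choice for the recovered R point.

```python
"""Added example (not the linked blog post's code): minting an ECDSA signature
with no private key via public-key recovery, then recomputing the key on the
verifier side. Curve, hash and artifact layout below are assumptions."""
import hashlib

# NIST P-256 domain parameters (FIPS 186-4). Assumed; the post names no curve.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity

def add(p1, p2):
    """Affine point addition; also handles doubling and P + (-P)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def lift_x(x, odd):
    """Decompress x into the curve point with the given y parity, or None."""
    rhs = (x * x * x + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)  # P % 4 == 3, so this is a sqrt if one exists
    if y * y % P != rhs:
        return None
    return (x, y if (y & 1) == odd else P - y)

def recover(z, r, s, odd=0):
    """ECDSA public-key recovery: Q = r^-1 * (s*R - z*G) where R.x == r."""
    R = lift_x(r, odd)
    if R is None:
        return None
    zG = mul(z, G)
    return mul(pow(r, -1, N), add(mul(s, R), (zG[0], (-zG[1]) % P)))

def verify(Q, z, r, s):
    """Textbook ECDSA verification of (r, s) on message scalar z under Q."""
    if not (1 <= r < N and 1 <= s < N) or Q is INF or not on_curve(Q):
        return False
    w = pow(s, -1, N)
    X = add(mul(z * w % N, G), mul(r * w % N, Q))
    return X is not INF and X[0] % N == r

def msg_scalar(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def derive_scalar(tag, payload, ctr):
    """Deterministic, public derivation of r and s from the payload itself (assumed)."""
    h = hashlib.sha256(tag + ctr.to_bytes(4, "big") + payload).digest()
    return int.from_bytes(h, "big") % N or 1

def mint(payload):
    """Builder side: artifact = payload || r || s (assumed layout), then recover
    the single key under which that embedded signature verifies."""
    ctr = 0
    while lift_x(derive_scalar(b"r", payload, ctr), 0) is None:
        ctr += 1  # roughly half of all x values are not on the curve; retry
    r = derive_scalar(b"r", payload, ctr)
    s = derive_scalar(b"s", payload, 0)
    artifact = payload + r.to_bytes(32, "big") + s.to_bytes(32, "big")
    return artifact, recover(msg_scalar(artifact), r, s)

def reproduce_key(artifact):
    """Verifier side: the public key is recomputable from the artifact alone."""
    r, s = int.from_bytes(artifact[-64:-32], "big"), int.from_bytes(artifact[-32:], "big")
    return recover(msg_scalar(artifact), r, s)

def check(artifact, Q):
    """Verifier side: does the embedded signature verify over the whole artifact under Q?"""
    if len(artifact) < 64:
        return False
    r, s = int.from_bytes(artifact[-64:-32], "big"), int.from_bytes(artifact[-32:], "big")
    return verify(Q, msg_scalar(artifact), r, s)
```

The hash of the artifact covers the embedded signature bytes, which is exactly the circularity a normal sign-then-embed flow cannot resolve; recovery resolves it because Q is chosen last. Q is a hash-determined point whose discrete log nobody holds, so there is no private key to leak, but the verifier must pin Q (or the artifact digest) in its policy: anyone can mint a valid artifact/key pair of their own, and the security rests on the verifier only trusting the specific Q it was given.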
-
I see that #LinkedIn is trying to loop me into a locked-down platform. (No surprise, obviously, coming from #Microsoft ).
-
The recording of my third talk with Pragyan and Vitaly at All Systems Go! about UKI, composefs and remote attestation for Bootable Containers is now available: https://app.media.ccc.de/v/all-systems-go-2025-362-uki-composefs-and-remote-attestation-for-bootable-containers
#ASG2025 #AllSystemsGo #AllSystemsGo2025 #UKI #composefs #bootc #BootableContainers #RemoteAttestation
-
Achievement Unlocked:
Remote attestation with Keylime on RHEL. Whew! #keylime #rhel #redhat #redhatenterpriselinux #remoteattestation #infosec #security
-
You get subjected to draconian tech like #DRM, #TrustedComputing, #RemoteAttestation and #PartsPairing in the name of protecting IP. What about your IP? The code you write, the paintings you make and even your online comments get fed into #AI and reproduced wholly or in part elsewhere, in the name of #fairuse. What is common to these seemingly contradictory, if not hypocritical measures? Those who promote them have the money to deploy them en masse and fight you in court if you challenge them.
-
CW: research review
V. Narayanan et al., "Remote attestation of SEV-SNP confidential VMs using e-vTPMs"¹
Departing from the "your data is safe with us" model where the cloud infrastructure is trusted, cloud tenants are shifting towards a model in which the cloud provider is not part of the trust domain. Both silicon and cloud vendors are trying to address this shift by introducing confidential computing, an umbrella term for mechanisms that protect data in use through encryption below the hardware boundary of the CPU, e.g., Intel Software Guard Extensions (SGX), AMD Secure Encrypted Virtualization (SEV), Intel Trust Domain Extensions (TDX), etc.
In this work, we design and implement a virtual trusted platform module (vTPM) that virtualizes the hardware root of trust without requiring trust in the cloud provider. To ensure the security of a vTPM in a provider-controlled environment, we leverage unique isolation properties of the SEV-SNP hardware and a novel approach to ephemeral TPM state management. Specifically, we develop a stateless ephemeral vTPM that supports remote attestation without persistent state. This allows us to pair each confidential VM with a private instance of a vTPM that is completely isolated from the provider-controlled environment and other VMs. We built our prototype entirely on open-source components: QEMU, Linux, and Keylime. Though our work is AMD-specific, a similar approach could be used to build a remote attestation protocol on other trusted execution environments (TEEs).
#arXiv #ResearchPapers #SEV-SNP #TPM #TDX #SGX #RemoteAttestation #Intel #AMD