home.social

#trustedcomputing — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #trustedcomputing, aggregated by home.social.

  1. if you're working on trusted computing at a tech company, know i'll be very mad at you in 20 years when we won't be able to buy real computers anymore and we'll have to either rent a shitty vps from azure or go tear down whatever 2020s era iot devices are still left to steal their MCUs

    don't make stuff you know will be used against humanity pretty please

    #trustedcomputing

  2. @lug_nuernberg Great Meme 🫶 #TPM2 was a child once - for a better understanding, may I add this great animation to your thread? I think it's worth viewing ❤️

    youtu.be/mLoIcdIu_Kk?si=YULJHV
    #trustedcomputing #tcpa

Worth watching! B. Stephan & Lutz Vogel warn about "trusted computing": a concept that could be used to control us more tightly. A hard-hitting video for understanding what is at stake and defending our digital freedoms. #TrustedComputing #InformatiqueDeConfiance #Surveillance #Privacy #LibertésNumériques #Framasoft #PeerTube #French
    tube.pmj.rocks/videos/watch/d3

  4. @Neffscape

    Beautiful 👍

    But to get any kind of penetration into our domestic media, IMHO, it should be translated and above all dubbed into Italian (and then into every language, obviously)

    A practical example: the (nice) campaign on #trustedComputing (which, by the way, is still a relevant topic)

    A video was made and then dubbed into every language. Here it is in Italian

    youtube.com/watch?v=5OhP6ZzCMgY

    @_elena

  5. Only since 2023 has AI become part of everyone's conversation: its use, training on our data, the opposition to it, etc.

    But every now and then I like to share what was already happening 17 years ago, which laid the foundations for all of this but which few people took into account

    #TrustedComputing

  6. And, once again, "trusted computing" should not be trusted…

    L. Wilke et al, "TDXdown: Single-Stepping and Instruction Counting Attacks against Intel TDX"¹

    […]

    Intel recently launched Intel TDX, its second generation TEE, which protects whole virtual machines (VMs). To minimize the attack surface to side-channels, TDX comes with a dedicated single-stepping attack countermeasure.
    In this paper, we systematically analyze the single-stepping countermeasure of Intel TDX and show, for the first time, that both the built-in detection heuristic and the prevention mechanism can be circumvented. We reliably single-step TDX-protected VMs by deluding the TDX security monitor about the elapsed processing time used as part of the detection heuristic. Moreover, our study reveals a design flaw in the single-stepping countermeasure that turns the prevention mechanism against itself: An inherent side-channel within the prevention mechanism leaks the number of instructions executed by the TDX-protected VM, enabling a novel attack we refer to as StumbleStepping. Both attacks, single-stepping and StumbleStepping, work on the most recent Intel TDX enabled Xeon Scalable CPUs.

    Using StumbleStepping, we demonstrate a novel end-to-end attack against wolfSSL's ECDSA implementation, exploiting a control flow side-channel in its truncation-based nonce generation algorithm. We provide a systematic study of nonce-truncation implementations, revealing similar leakages in OpenSSL, which we exploit with our single-stepping primitive. Finally, we propose design changes to TDX to mitigate our attacks.

    […]

    #TDX #TrustedComputing #Intel
    __
    ¹ uzl-its.github.io/tdxdown/
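The class of leak the abstract above describes, as an added illustrative model in Python. This is not the paper's code and not wolfSSL's or OpenSSL's implementation; it assumes a hypothetical nonce-generation routine containing a loop whose iteration count depends on the candidate nonce's bit length, and an attacker who learns the exact number of loop iterations (standing in for the instruction count that StumbleStepping recovers). The P-256 group order is the real constant; the counter, the generators and the harvesting step are constructed for the example. It also shows a value-independent variant whose step count does not change with the nonce.

```python
# Illustrative model (added example, not wolfSSL/OpenSSL code): why counting the
# victim's executed instructions during ECDSA nonce generation can reveal nonce
# bits, and what a fixed-work variant looks like.
import secrets

# Group order of NIST P-256 (real constant). Rejection below almost never fires for it.
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
L = N.bit_length()  # 256


class StepCounter:
    """Stands in for the attacker: counts loop iterations the victim executes."""
    def __init__(self):
        self.steps = 0

    def tick(self):
        self.steps += 1


def normalize_variable_time(k, ctr):
    """Hypothetical bignum normalisation whose iteration count equals bit_length(k).
    Any loop that walks the value bit by bit, or trims leading zero limbs, behaves
    the same way from an instruction-counting attacker's point of view."""
    bits = 0
    x = k
    while x:
        x >>= 1
        bits += 1
        ctr.tick()
    return bits


def gen_nonce_leaky(ctr, randbits=secrets.randbits):
    """Truncation/rejection sampling: draw L bits, retry while out of range,
    then normalise. The work done depends on the value of k."""
    while True:
        ctr.tick()                      # one tick per candidate drawn
        k = randbits(L)
        if 1 <= k < N:
            break
    normalize_variable_time(k, ctr)
    return k


def gen_nonce_fixed_work(ctr, randbits=secrets.randbits):
    """Value-independent variant (FIPS 186-4 B.5.1 style): draw 64 extra bits,
    reduce once, no retry loop, and a loop of fixed length L. Constant step count."""
    ctr.tick()
    c = randbits(L + 64)
    k = (c % (N - 1)) + 1
    for _ in range(L):                  # same work regardless of k
        ctr.tick()
    return k


def observe(gen, randbits=secrets.randbits):
    """Run one nonce generation under the counter; return (k, steps)."""
    ctr = StepCounter()
    k = gen(ctr, randbits)
    return k, ctr.steps


def leading_zero_bits_from_steps(steps):
    """Attacker's inference for gen_nonce_leaky when no candidate was rejected
    (the normal case for P-256): steps = 1 + bit_length(k), so the attacker learns
    L - bit_length(k) leading zero bits of the nonce."""
    return L - (steps - 1)


def harvest_biased(n_sigs, min_leading_zeros):
    """Keep the nonces whose step count reveals at least min_leading_zeros known
    top bits: the partially known nonces that lattice-based ECDSA key recovery
    consumes. Returns (k, known_leading_zero_bits) pairs."""
    picked = []
    for _ in range(n_sigs):
        k, steps = observe(gen_nonce_leaky)
        z = leading_zero_bits_from_steps(steps)
        if z >= min_leading_zeros:
            picked.append((k, z))
    return picked


if __name__ == "__main__":
    for z_min in (2, 4, 8):
        got = harvest_biased(2000, z_min)
        print(f">= {z_min} leading zero bits known: {len(got)} of 2000 nonces")
    _, s_a = observe(gen_nonce_fixed_work, randbits=lambda b: 1)
    _, s_b = observe(gen_nonce_fixed_work, randbits=lambda b: (1 << b) - 1)
    print("fixed-work steps for two extreme nonces:", s_a, s_b)
```

The point of the model is the inference step: once the observed count is a function of the nonce's bit length, every signature whose count is low hands the attacker a nonce with known top bits, and a few hundred such signatures are the standard input for lattice recovery of the private key. The fixed-work generator removes the dependency at the algorithm level rather than by hiding the count, which is the kind of change that survives a TEE losing its single-stepping countermeasure.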

  7. I feel like a #TPM should have a little tag on it that tells people what it does; "If you disconnect me from this computer all the data on it becomes unreadable. Pull in case of cops. Pull and destroy!"

    #trustedComputing #encryption #uefi #cryptography #security #infosec

  8. You likely use the () each day for work, school, or leisure - but do you know how to safeguard the devices you use within it from ?

    and skills can be for everyone! Learn how to stay protected in the article by Expert Simone Bertulli:

    lpi.org/u869

  9. #CyberSecurity #TrustedComputing: "After all, a system that treats the device's owner as an adversary is a natural ally for the owner's other, human adversaries. The rubric for treating the owner as an adversary focuses on the way that users can be fooled by bad people with bad programs. If your computer gets taken over by malicious software, that malware might intercept queries from your antivirus program and send it false data that lulls it into thinking your computer is fine, even as your private data is being plundered and your system is being used to launch malware attacks on others.

    These separate, non-user-accessible, non-updateable secure systems serve as nubs of certainty, a remote fortress that observes and faithfully reports on the interior workings of your computer. This separate system can't be user-modifiable or field-updateable, because then malicious software could impersonate the user and disable the security chip.

    It's true that compromised computers are a real and terrifying problem. Your computer is privy to your most intimate secrets and an attacker who can turn it against you can harm you in untold ways. But the widespread redesign of our computers to treat us as their enemies gives rise to a range of completely predictable and – I would argue – even worse harms. Building computers that treat their owners as untrusted parties is a system that works well, but fails badly." pluralistic.net/2024/01/18/des

  10. CW: Long thread/6

    I know it's weird to be worried about realism in movies that pretend we will find a practical means to visit other star systems and shuttle between them (which we are very, very unlikely to do):

    pluralistic.net/2024/01/09/ast

    But this kind of foolishness galls me. It galls me more when it happens in the *real* world of technology design, which is why I've spent the past quarter-century being *very cross* about #DigitalRightsManagement in general, and #TrustedComputing in particular.

    6/

  15. You get subjected to draconian tech like , , and in the name of protecting IP. What about your IP? The code you write, the paintings you make and even your online comments get fed into and reproduced wholly or in part elsewhere, in the name of . What is common to these seemingly contradictory, if not hypocritical measures? Those who promote it have the money to deploy them in mass and fight you in court if you challenge them.

  16. There is an attack against #AMD memory encryption. That should leave #TrustedComputing in the #Cloud seriously on the ropes.

    cachewarpattack.com/

  17. BIOS update went off without a hitch!

    Except I had to disable the firmware trusted computing module and reenter my Bitlocker key because I just *had* to install a real TCM

    I really like #Gigabyte's #Qflash feature. Makes BIOS updates a breeze!

    #hardware #pcbuilding #trustedComputing #bios #bitlocker #encryption #motherboard

  18. #TrustedComputing needs to fucking die, #WEI may be dead, but TC is alive on most mobile devices, and it's taking hold on desktops once again too.

    TC must be illegal.

  19. This also renders most use cases of #trustedcomputing void.

    A successful attack on #sgx by someone with access to the hardware is exactly the #security threat it should protect against. Important for #cloud and #kubernetes users. Sorry.

    Tesla Jailbreak Unlocks Theft of In-Car Paid Features
    darkreading.com/application-se

  20. Weird take:

    SafetyNet being utterly broken actually did more harm than good, because a lot of people have picked up the misconception that TC-like or DRM tech doesn't work and can be easily broken.

    It gives you a false confidence in the status quo. It would only take Google flipping a switch to completely nuke this.

    They've "fixed" it, the only reason basic attestation is still around is because of older devices and maybe some internal politics, but apps can already require strong attestation.

    #TrustedComputing #ComputingFreedom #SoftwareFreedom #WEI

  21. CW: WEI, Trusted Computing, and some counter proposals, long

    Something that really bothers me about #WEI and similar things like PAT (assuming good faith of course, which for WEI I can't, because why would it exist if PAT is a better designed system) is that if these big corporations really wanted to crack the problem of verifying that a human is making a request in a way that doesn't threaten software freedom, they could!

    In fact Cloudflare's proposal to use Webauthn for this was already much better. The key (pun totally intended) is separation of responsibilities. The part of the hardware that does the attestation must be physically incapable of making assertions about your boot state or software stack in general.

    And any verification of software integrity? That's for the user, you must design the firmware in a way that can notify the user if anything is changed. This isn't too crazy with how complicated firmware already is on modern devices, and it already exists.

    #ComputingFreedom #TrustedComputing #FOSS

  22. linuxjournal.com/article/7055

    Dated 2003.

    I was less than 1 year old when this was written, and yet it couldn't be more relevant now that I'm 20.

    Here's a quote:

    Creating a reliable way for a third party to determine what software you're using is a pernicious project. Today, it's trivial to fool “Internet Explorer only” sites: change how your browser identifies itself, and there is nothing the other end can do. With TCPA's remote attestation, a site that insists on an attestation would receive the whole truth or a highly suspicious “No Comment”.

    #TrustedComputing #OpenWeb #WEI #Google #Security

  23. Do #trustedcomputing guys use IPMI/KVM? How do you trust the peripheral buses aren't intercepted?

  24. CCA-Funktionen schützen Daten im RAM von Servern, Smartphones und Computern selbst vor dem Admin; CCA zielt auf Cloud-Rechenzentren, aber auch Endgeräte. ARM Confidential Compute Architecture: Details zur ARMv9-CCA