Your posts just reminded me of it, so maybe it'll provide some new viewpoints for you? 
Replying to @JaceCear
I mean, I used to do silicon-level circuit design and layout, and architecture design. Both at separate points, mind you, but I know the problem pretty well. The issue is that simple hardware is slow hardware, and asking for a complete architecture redesign is no small thing.
Replying to @hedgeberg @JaceCear
Like, it's hard to overstate the benefit of modern architecture changes. Pipeline improvements, specex, etc, have made hardware /drastically/ faster by reducing fundamental bottlenecks. It's a tall order to ask people to go back to that level of simplicity.
Replying to @hedgeberg @JaceCear
That being said, my "ideal" solution to architecture problems in general isn't to fix architecture problems, it's to have a physically separate introspection processor. One which is cheap, simple, open source, and replaceable, which runs a watchdog firmware that monitors the CPU.
Replying to @hedgeberg @JaceCear
It's the easiest way to fix these flaws: have a fundamentally separate SoC with a small attack surface in a purely management role, which is responsible for confirming main CPU's behavior is in line with expectations. Like ME, but external and auditable.
Replying to @hedgeberg @JaceCear
How would this work? If it has to monitor everything the main CPU does, it has to be as powerful as the main CPU. If it doesn't, then you could make the main CPU do evil things that it wouldn't catch.
I'm not thinking of a full monitoring role, was juggling a million notifications when I saw this. My main motivation for this is the thought of ME/other management coprocessors which are unaudited attack surfaces.
I guess my main thought is that a separate, replaceable, open source, simple processor for handling trusted execution tasks adds a level of security and peace of mind. It doesn't fix side-channels, but it does allow for verification of no sidechannels in trusted environments.
Re: side-channels I guess the main point of it was we just have to deal for now until we reach the point where there's a strong mitigation in place for them, and a decent stopgap imo is something easily auditable that gates access to trusted secrets.
This isn't a well-thought-out idea though, it's spitballing and it's just my open onions.
Okay, that makes more sense. Yes a trusted but auditable secure enclave (a la iPhone) is useful. It won't do anything for the software running in your main CPU, but at least you can move your important secrets to it and keep them safe.