
How would you write an OS that would be encrypted or otherwise inaccessible to the hardware on which it's running? It would be a kind of hypervisor OS, but you might run only one VM so you could connect via console and maximize resources, as though it were a standard PC. Or maybe have a small server VM to help your network manage resources.

Are we looking at a future where a standard OS install is a multi-VM situation?




Intel wants to introduce in-CPU encrypted memory regions with its SGX extensions for such uses. That would allow encrypted virtual machines that the VM host (or SMM or TXT or whatever other super privileged mode you control) couldn't analyze.

Of course, you're merely moving your trust anchor from code (verifiable, easy to subvert) to the CPU (unverifiable, hard to subvert). Pick your poison.



