Hacker News new | comments | show | ask | jobs | submit login

Intel wants to introduce in-CPU encrypted memory regions with its SGX extensions for such uses. That would allow encrypted virtual machines that the VM host (or SMM or TXT or whatever other super privileged mode you control) couldn't analyze.

Of course, you're merely moving your trust anchor from code (verifiable, easy to subvert) to CPU (unverifiable, hard to subvert). Pick your poison.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact