mjg59

mjg59, 20 hours ago

(And does any of it actually exist other than the Baicells stuff that's the only one I can find?)

mjg59, 17 hours ago

@funkylab I'd rather use off the shelf hardware than deal with additional complexity that's under my control

mjg59, 1 day ago

@grumpybozo My understanding is that it's a state-by-state issue

mjg59, 1 day ago

Ok apparently a miscommunication, spoke to a couple of very helpful people at CPUC, was transferred to someone in the AT&T President's Office, and now have an order for copper to be connected along with an assertion that they don't need to install anything (I'm sceptical about this claim given the infrastructure all burned down back in 2021 and I can't imagine they decided to hook any remaining copper back up, but let's see)

mjg59, 21 hours ago

@blaise as am I! They have given me a phone number, now I just need to buy a phone

mjg59, 4 days ago

Kind of feel that coming second to a team with @deviantollam and @Tarah is not a bad outcome

mjg59, 6 days ago

@hyc I'm fine with the hypervisor being able to see what's happening in arbitrary guests, but there needs to be isolation between the primary VM and the security VM (Hyper-V manages this fine in Windows land)

mjg59, 6 days ago

@agraf My recollection is that Jailhouse does static partitioning and no scheduling, ie you need to give it a CPU? It also starts from Linux which makes it harder to sequester secrets that Linux can't get at.

mjg59, 6 days ago

@bluca @l0kod Not quite the same - you still have Linux with the ability to see everything, I think?

mjg59, 6 days ago

@baloo @hyc Potentially the TPM, but otherwise nothing - just CPU, RAM, and some sort of simple intra-VM communication channel.

mjg59, 6 days ago

@agraf I'm pretty sure the lack of scheduling is a design choice that would need to be retrofitted. Launching from Linux is more about how it's managed, so that's probably an easier thing to fix.

mjg59, 6 days ago

@jornfranke No, firecracker VMs are visible to the Linux host

mjg59, 6 days ago

@baloo @hyc Right, you can do it the other way around with SEV, but that then leaves you with very restricted hardware support at the moment

mjg59, 6 days ago

@noodles @hyc Some form of secret manager, at least

mjg59, 6 days ago

@rzeta0 A hypervisor doesn't have to let a privileged VM see into other VMs - Xen allowing that for Dom0 is an artifact of their design rather than anything inherent. The primary Windows VM can't see into the Credential Guard VM, since the hypervisor has drawn a hardware-enforced barrier in between them.

mjg59, 6 days ago

@rzeta0 Cryptography doesn't remove side channels - if you keep the secrets in a TPM but it doesn't use constant time operations, or if I'm able to monitor the power rails, that's not an absolute barrier. Very little is absolute - the level of security appropriate for a given problem will vary depending on what your threat model is, and I'm broadly ok with having my WebAuthn secrets in a separate VM running on the same CPU

mjg59, 5 days ago

@noodles @hyc SEV is pretty much exclusive to server parts, and I have a laptop

mjg59, 1 day ago

@fl0_id @hyc it's a hypervisor, it simply imposes a barrier between the resources? This isn't a conceptually complicated situation, modern CPUs support it just fine

mjg59, 1 day ago

@fl0_id @hyc overridden by whom?