this post was submitted on 29 Oct 2025
44 points (97.8% liked)

Hardware
top 8 comments
[–] Alphane_Moon@lemmy.world 13 points 3 weeks ago* (last edited 3 weeks ago) (3 children)

This is one area I don't have even superficial knowledge of, but armchair logic suggests if you have physical access, it's reasonable to assume with enough resources (and time), you can probably find a way to defeat TEEs.

How relevant this is to the real world is a separate question.

[–] Blaster_M@lemmy.world 12 points 3 weeks ago

This is the same tired "well it can be defeated so no security is better than fake security" excuse people already make. The point is to make it take so long to break in the value of what is extracted has expired by the time they do.

If your phone is yoinked by the bois for evidence, do you want them to see what you've been doing on your phone right away? And "nothing to hide" doesn't matter if they can use mental gymnastics to spin innocence into guilt. At least with long enough protection timing you have a shot at getting through via lack of tangible evidence.

[–] ryannathans@aussie.zone 3 points 3 weeks ago (1 children)

Kinda fucks apps like Signal up if they need to rely on the secure enclave on cloud servers

[–] tfm@piefed.europe.pub 2 points 3 weeks ago (1 children)

Stuff is already encrypted when it reaches their servers

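The point tfm is making, that the relay only ever holds ciphertext, is easy to check in code. The following is an added illustration written for this page, not Signal's protocol and not code from anyone in the thread: two clients agree a key over X25519, encrypt with AES-GCM, and the relay (with or without a secure enclave) gets an envelope it cannot open. The type and function names (`Envelope`, `Seal`, `Open`, `RelayCanRead`, `Demo`) and the SHA-256 key derivation are my own simplifications for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is everything the relay server sees: sender identity (metadata),
// a nonce and the AEAD ciphertext. No key material travels with it.
type Envelope struct {
	SenderPub  []byte
	Nonce      []byte
	Ciphertext []byte
}

// sharedKey derives a symmetric key from an X25519 agreement.
// A plain SHA-256 of the shared secret stands in for a real KDF here (example simplification).
func sharedKey(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) ([]byte, error) {
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(secret)
	return k[:], nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext for recipientPub on the sender's device, before anything is sent.
// The sender's public key is bound as associated data so the relay cannot swap it.
func Seal(senderPriv *ecdh.PrivateKey, recipientPub *ecdh.PublicKey, plaintext []byte) (*Envelope, error) {
	key, err := sharedKey(senderPriv, recipientPub)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	senderPub := senderPriv.PublicKey().Bytes()
	ct := aead.Seal(nil, nonce, plaintext, senderPub)
	return &Envelope{SenderPub: senderPub, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts on the recipient's device; it fails (tag mismatch) for any wrong key or any tampering.
func Open(recipientPriv *ecdh.PrivateKey, env *Envelope) ([]byte, error) {
	senderPub, err := ecdh.X25519().NewPublicKey(env.SenderPub)
	if err != nil {
		return nil, err
	}
	key, err := sharedKey(recipientPriv, senderPub)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, env.SenderPub)
}

// RelayCanRead models a fully compromised relay (enclave included): it holds the envelope
// and its own keys, but no party's private key, so decryption must fail.
func RelayCanRead(env *Envelope) bool {
	serverPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return false
	}
	_, err = Open(serverPriv, env)
	return err == nil
}

// Demo runs one exchange and reports what the recipient recovered and whether the relay could read it.
func Demo(message string) (recovered string, relayCanRead bool, err error) {
	alice, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return "", false, err
	}
	bob, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return "", false, err
	}
	env, err := Seal(alice, bob.PublicKey(), []byte(message)) // constructed sample message
	if err != nil {
		return "", false, err
	}
	relayCanRead = RelayCanRead(env) // what a server-side TEE compromise would yield: nothing readable
	pt, err := Open(bob, env)
	if err != nil {
		return "", relayCanRead, err
	}
	return string(pt), relayCanRead, nil
}

func main() {
	got, relay, err := Demo("meet at 9")
	fmt.Printf("recipient read %q, relay could read: %v, err: %v\n", got, relay, err)
}
```

What the relay does still learn is visible in the `Envelope` struct: who sent it, when, and how long it is. That is the metadata a server-side enclave is typically asked to protect, which is why a TEE break hurts privacy features built on the server even when message bodies stay sealed on the clients.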
[–] ryannathans@aussie.zone 2 points 3 weeks ago (1 children)
[–] tfm@piefed.europe.pub 1 points 3 weeks ago
[–] jacksilver@lemmy.world 3 points 3 weeks ago

Yeah, in the article they even say manufacturers don't provide any guarantees against physical attacks.

[–] fubarx@lemmy.world 10 points 3 weeks ago* (last edited 3 weeks ago)

If someone gets physical access, all bets are off. Just wire a ChipWhisperer (https://www.newae.com/chipwhisperer) between the TEE and the CPU or GPU, and it's trivial to get around all protections. Throw in clock or voltage-glitching and...