Does this, like SGX, require signing by AMD itself?
This is a major letdown for SGX adoption, making it essentially useless for anyone but maybe niche markets trying to protect IP on cloud services.
If a master key COULD be loaded by the OS early at boot time (and cannot be replaced until CPU reset), it would be incredibly useful to create software-based TPM services that provide trusted isolation where needed.
It seems as if Intel/AMD are doing this 'just because die space is cheap, and why not try "ip-protection-as-a-service"' instead of a truly generic solution.
>Does this, like SGX, require signing by AMD itself?
I don't know the answer to this question, but AMD does tend to be more "open" than their competitors (look at FreeSync vs G-Sync). So maybe there is hope here.
I think Intel backed away from the documentation that implied all signed enclaves had to go through them. I think people can attest their own SGX enclaves.
Unless the docs changed from last time I read them, those MSRs aren't one shot.
Also, the fact that anyone at Intel calls the signing system a "root of trust" makes me think that Intel is deluding itself. It's a root of licensing authority, not a root of trust in the system. You could set those MSRs to a public key for which everyone knows the private key and everything would work just fine.
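To make the "root of licensing authority" point concrete: the launch-control MSRs the comment refers to (IA32_SGXLEPUBKEYHASH0..3 in Intel's SDM) hold nothing more than the SHA-256 of an RSA-3072 public-key modulus, split into four little-endian 64-bit words; on EINIT the CPU compares the signer hash of the launch enclave against those words. The script below is an added example, not code from the thread or from Intel; it models that comparison in pure Python. The two 384-byte "moduli" are constructed byte patterns standing in for real RSA keys (they are not valid moduli), and the function names are my own.

```python
import hashlib
import struct

# RSA-3072 modulus as stored in SIGSTRUCT: 384 bytes, little-endian.
SIGSTRUCT_MODULUS_LEN = 384


def mrsigner(modulus_le: bytes) -> bytes:
    """MRSIGNER as the SDM defines it: SHA-256 over the SIGSTRUCT modulus bytes."""
    if len(modulus_le) != SIGSTRUCT_MODULUS_LEN:
        raise ValueError("expected a %d-byte little-endian modulus" % SIGSTRUCT_MODULUS_LEN)
    return hashlib.sha256(modulus_le).digest()


def lepubkeyhash_msrs(modulus_le: bytes) -> tuple:
    """The four IA32_SGXLEPUBKEYHASH values an OS would write for this signer key.

    Word i holds digest bytes 8*i .. 8*i+7 as a little-endian u64, which is how
    the Linux SGX driver fills MSR_IA32_SGXLEPUBKEYHASH0..3 from the MRSIGNER buffer.
    """
    return struct.unpack("<4Q", mrsigner(modulus_le))


def msrs_to_hash(msrs) -> bytes:
    """Inverse of lepubkeyhash_msrs: reassemble the 32-byte digest from the MSR words."""
    return struct.pack("<4Q", *msrs)


def launch_enclave_accepted(msrs, le_modulus_le: bytes) -> bool:
    """Model of the hash comparison EINIT performs on a launch enclave.

    Nothing here involves a private key or a signature from the CPU vendor:
    whoever can write the MSRs decides which signer hash is "trusted".
    """
    return msrs_to_hash(msrs) == mrsigner(le_modulus_le)


# Constructed placeholders (NOT real RSA moduli): one for the vendor's launch-enclave
# key, one for a key the platform owner generated and holds the private half of.
VENDOR_MODULUS = bytes((i * 7 + 3) & 0xFF for i in range(SIGSTRUCT_MODULUS_LEN))
OWNER_MODULUS = bytes((i * 13 + 5) & 0xFF for i in range(SIGSTRUCT_MODULUS_LEN))


def demo() -> dict:
    """Show both MSR states: vendor-bound, then rebound by the OS to the owner's key."""
    vendor_msrs = lepubkeyhash_msrs(VENDOR_MODULUS)
    owner_msrs = lepubkeyhash_msrs(OWNER_MODULUS)
    return {
        "vendor_accepts_vendor_le": launch_enclave_accepted(vendor_msrs, VENDOR_MODULUS),
        "vendor_accepts_owner_le": launch_enclave_accepted(vendor_msrs, OWNER_MODULUS),
        "owner_accepts_owner_le": launch_enclave_accepted(owner_msrs, OWNER_MODULUS),
        "owner_accepts_vendor_le": launch_enclave_accepted(owner_msrs, VENDOR_MODULUS),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print("%-26s %s" % (k, v))
    print("MSR words:", ["0x%016x" % w for w in lepubkeyhash_msrs(OWNER_MODULUS)])
```

The model makes the comment's distinction visible: the MSR contents gate which signer the CPU will launch, but the values are a hash the OS chose, so they answer "who is licensed to launch here" rather than "can the platform be trusted". A verifier that wants the latter must look at the attestation report's signer and platform measurements, not at the presence of launch control.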