On Thu, Feb 25, 2016 at 2:06 PM, Mick <michaelkintz...@gmail.com> wrote:
> On Wednesday 24 Feb 2016 19:08:42 Rich Freeman wrote:
>> On Wed, Feb 24, 2016 at 4:05 AM, Frank Steinmetzger <war...@gmx.de> wrote:
>> > Well my concern was more that SGX would provide leverage for even more
>> > eavesdropping, rather than prohibit it.
>>
>> Yeah, I'm one of those persons who tends to consider most fears of
>> TPMs and UEFI overblown, but these CPUs that almost have independent
>> CPUs inside with full RAM+hardware access which are secured against
>> the main CPU do concern me quite a bit.
>
> You have to see this from a demand angle of the computing market.  I suspect
> Intel is just responding to market demand for 'better security'.  For big
> corporates better security means protection from internal (employees) as well
> as external threats.  Most CIOs would sleep comfortably in the thought that
> they can blame Intel when things go sideways and try to keep their jobs among
> the blame-fest and ricochets that ensue.  Of course our concept of security
> (who we trust with our computing) is orthogonal to your average CIO's out
> there who are invariably acting as a procurement agent.  Dare I observe, we do
> not really feature as a target market for Intel.
>

All they need to do is provide the private key associated with the CPU
to the owner upon purchase.  In the case of a corporate computer, the
corporation gets the keys to the PC.

Most people wouldn't bother making any use of the key.  However, those
who are interested could sign libreboot or whatever with it and now
they have full control over their PC.  Indeed, they could then use
that control to ensure that nobody else goes tampering with their PC,
which is in fact the intended purpose of this feature anyway.

The problem is that Intel's solution effectively gives them a
back-door into everybody's PC.

-- 
Rich