- Secure Boot: only secure so long as Microsoft and friends don't leak their keys https://hothardware.com/news/microsoft-accidentally-leaks-go...
- SNVS: is just proprietary enclaving, so implementation standards matter here. Most of these are black boxes and marketing.
- Secure RAM: is another one of these vendor-endorsed moving targets. https://www.tomshardware.com/news/amd-memory-encryption-disa...
- TrustZone: is just marketing wank for a chip's TEE https://en.wikipedia.org/wiki/Trusted_execution_environment and that TEE can be used against you as well as for you.
- Cryptographic accelerators: a Cavium Nitrox is a black box, same as Gemalto's. The reason these are so secure is because they're expensive and the implementation and operation is pretty theatrical.
Trust is the key component in your defense strategy, and trust is based on character times competence. Corporations are categorically faceless and as such embody no character, only a profit motive. Zero times anything is just zero. The same guys that sold you TPM might leak their keys because you aren't buying enough TPM this year. No company will accept fault or liability for your security incident, so don't base your defense on buzzwords alone unless this is risk management for C-level obligations to the shareholders.
tl;dr: open source security is the best security. Trust and verify, audit periodically, and above all else avoid or mitigate risk in any environment, no matter how secure it is assumed to be.