Ubuntu 26.04 Security Shift
Ubuntu 26.04 LTS brings TPM-backed disk encryption, confidential computing, safer defaults, and more. Here is what matters most.

Physical security has become an important aspect of protecting confidential computing workloads. Physical access is typically excluded from hardware vendors' CVM attack models, leaving physical and relay attacks largely unaddressed.
Flashbots and Intel have each been working independently on solutions to help bridge this physical-access gap: https://writings.flashbots.net/mind-the-gap-tee-poc
Reproducible builds are a valuable property for remote attestation workflows but often hard to maintain. We faced a special challenge building reproducible artifacts that contain signatures.
Together with @Euler I wrote a blog post about how we used ECDSA public key recovery to generate signatures that match exactly one artifact, can be reproduced by a verifier, and are secure, without anyone ever knowing a private key.
https://katexochen.aro.bz/posts/reproducible-secure-signatures/
#ReproducibleBuilds #RemoteAttestation #Cryptography #ConfidentialComputing #Infosec
Reproducible builds allow anyone to verify that a binary matches its source code. But what if the build artifact must contain a cryptographic signature? Reproducing the signature requires the private key, which defeats the purpose of reproducibility. In this post, we present a technique based on ECDSA public key recovery that produces signatures which are both secure and fully reproducible, without anyone ever knowing a private key.

Build artifacts with signatures - a reproducibility issue

Remote attestation is a fundamental part of Confidential Computing. It can be used to prove what software is running in a remote environment. Users of such an attested environment do not need to trust the software vendor, excluding them from the trusted computing base [1].
Modern hardware with the latest kernel is advised for operators of the current and maintained #QubesOS version 4.3.
The features of the system are nearly the same as the previous generations. One interesting innovation is the possibility to change VM Persistent/User modes in Qubes Manager when updating or configuring
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Sysmaint
Compare with #Whonix in Vmware
https://fekir.info/post/immutable-machines-with-virtualbox/
Consider RO in regard to Stateless Relays (a gateway, a browser, a relay server)
Bandwidth-Weighted algorithm (performance vs security trade-off)
"Tor relays build reputation over time: a relay that has been running for months earns bandwidth flags that make it more useful to the network"
@torproject @FreedomofPress
live RAM Relay
http://uy3qxvwzwoeztnellvvhxh7ju7kfvlsauka7avilcjg7domzxptbq7qd.onion/websites/lists.torproject.org/pipermail/tor-talk/2015-July/038493.html
#Gentoo @gentoo @installgentoo
#FreedomOfThePress #FreedomOfThePressFoundation #Press #News #Journalism #ComputationalJournalism #Stateless #Immutable #ConfidentialComputing
#infosec #Qubes #Fedora #Tor #Innovation #Science #CS #IT #Linux
Cool, KVM-based AMD SEV-SNP support was recently added to Cloud Hypervisor! Including support for Google's oak stage0 firmware and IGVM image format.
https://github.com/cloud-hypervisor/cloud-hypervisor/pull/7942
#ConfidentialComputing #virtualization #KVM #CloudHypervisor
Fabricked, a new attack on AMD SEV-SNP presented: software-based attack that manipulates memory routing of inter-component communication within the SoC to trick the secure processor into improperly initializing the RPM table. The root cause is a missing check in the secure processor firmware to enforce that the Data Fabric is locked down.

Confidential computing allows cloud tenants to offload sensitive computations and data to remote resources without needing to trust the cloud service provider. Hardware-based trusted execution environments, like AMD SEV-SNP, achieve this by creating Confidential Virtual Machines (CVMs). With Fabricked, we present a novel software-based attack that manipulates memory routing to compromise AMD SEV-SNP. By redirecting memory transactions, a malicious hypervisor can deceive the secure co-processor (PSP) into improperly initializing SEV-SNP. This enables the attacker to perform arbitrary read and write access within the CVM address space, thus breaking SEV-SNP core security guarantees.
RE: https://infosec.exchange/@trailofbits/116363081880526734
Trail of Bits published a really interesting audit report on Meta's confidential computing protection for WhatsApp's AI support. One of the findings is an AML injection attack, which I wrote about in a blog post a few weeks ago: https://katexochen.aro.bz/posts/badaml/
There are many other interesting findings, and a lot to learn from them. I really appreciate that they are sharing the full report.
Sounds like #Tor met amnesiac hardcode.
cf. HEADS (#TPM) and
immutability (#stateless #ConfidentialComputing)
http://pzhdfe7jraknpj2qgu5cz2u3i4deuyfwmonvzu5i3nyw4t4bmg7o5pad.onion/exploring-stateless-relays/ #TorRelay #Operators
--> https://novacustom.com/forum/d/45-dasharo-corebootheads-for-a-secure-boot-process
--> https://www.ibm.com/think/topics/immutable-infrastructure
RE: https://abyssdomain.expert/@filippo/116358410869265202
Trusted Execution Environments (TEEs) like Intel SGX and AMD SEV-SNP and in general hardware attestation are just f***d. All their keys and roots are not PQ and I heard of no progress in rolling out PQ ones, which at hardware speeds means we are forced to accept they might not make it