Reminds me of a general-purpose version of the secure enclave that Moxie Marlinspike blogged about when he implemented secure contact look-up in Signal. Very cool Google released this as open source. Of course, it does require you to be able to trust the security of the enclaves and (at least in the Signal implementation) requires you to make some different performance trade-offs in order to prevent information leakage.
Tangent: On a whim I Googled 'secure enclave risc-v' and, sure enough, there's an extension in development called "Keystone."[0] RISC-V really has such a promising future.
Also reminds me of the Golem project, which wants to allow everyone to be able to sell their compute power and uses secure enclaves so the people who sell their compute power can't spy on the data of the submitted compute jobs. I find the concept of secure enclaves super exciting and I hate that most coverage of them ends up just being "secure enclaves are an evil tool for corporations to make super-DRM on your computer".
> wants to allow everyone to be able to sell their compute power
> corporations to make super-DRM on your computer
Well, who else are you going to sell it to? This is the sort of thing that I used to think was cool but now am merely weary of; combining the "everything is a leasable asset" view of Uber and AirBnB with the "don't look at the electricity costs" view of bitcoin. It's going to end up with idle televisions crunching the personal data of unrelated people in order to pay the TV manufacturer some penny shavings.
I haven't followed Golem or processor news closely, but I assume a future generation of processors will fix the side-channel attacks (either in general or at least just for secure enclaves), so I think it still makes a lot of sense to build something for secure enclaves for the future.
I don't disagree, but side-channel attacks have shown that hardware security isn't guaranteed and, maybe more importantly, they are unbelievably painful to patch.
But you do agree enclaves can be used for exactly this? I agree there are exciting use cases but we need to be careful because open, general purpose computing is already being attacked on several fronts.
Enclaves don't get direct IO access and have to interact with code running on the main processor. I'm okay with opaque code if it's running in a tight sandbox and its interactions to the outside world (including my filesystem) are inspectable.
Also it's important to me that regular people can benefit from secure enclaves by using them to protect their data being processed on other people's machines. The secure enclaves aren't closed only to corporations who want to make things like DRM.
Good points. The aspect I'm most worried about is that we'll see a trend towards an increasing amount of code running in enclaves and then becoming a hard requirement for common software to function.
[0]: https://keystone-enclave.org/