[Info-vax] CPU Refresher for Programmers
johnwallace4 at yahoo.co.uk
Sat Jan 16 05:52:43 EST 2016
On Saturday, 16 January 2016 10:49:51 UTC, johnwa... at yahoo.co.uk wrote:
> On Saturday, 16 January 2016 03:34:26 UTC, Stephen Hoffman wrote:
> > On 2016-01-12 03:10:16 +0000, Stephen Hoffman said:
> >
> > > Yeah, more than a few of these features have been available in systems
> > > prior to x86-64 -- but these features are now far more common, far
> > > cheaper, and just as useful.
> >
> > Then there are features (complexity) that didn't exist before, such as
> > Intel Software Guard Extensions (SGX):
> >
> > https://software.intel.com/sites/default/files/332680-002.pdf
> >
> > These enclaves would (hypothetically) be where LMF would be
> > implemented, and would provide storage and processing related to each
> > user's private keys, for instance. There are other uses likely too,
> > such as a foundation for secure delivery.
> >
> > --
> > Pure Personal Opinion | HoffmanLabs LLC
>
> Features that didn't exist before what?
>
> SGX may be new to Intel/x86, to the extent that you can't really buy
> it yet, but it's arguably a close relative of ARM's TrustZone which
> has been around a decade or so, intended for digital entertainment,
> secure comms, secure control, etc. boxes, or indeed anything where
> things have to be reasonably secure against attacks of various kinds
> (not just malware). But TrustZone is aimed at the System on Chip
> world, and consequently is largely invisible to Joe Public, or even
> to most of the software/hardware world.
>
> With TrustZone, it was implicit that the box is largely a single
> purpose box, defined at design time or manufacturing time, because
> (at least historically) that's the way an ARM-based System on Chip
> is used. And consequently there was only one trusted 'zone'.
>
> AIUI, one new thing SGX will bring to the table is multiple
> independent 'enclaves' vs TrustZone's single zone. I.e. the concept is
> extended from largely single purpose boxes to general purpose boxes
> whose workload may change significantly during the hardware's
> lifetime, just as you'd expect with x86.
Doh. Obvious use case for ARM's TrustZone that I intended to mention
but forgot - secure mobile payments.