Author Topic: Ultravisor state and/or FlexVer as a substitute for confidential/trustworthy rem  (Read 402 times)

AbstractConcept

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
I have been occasionally reading the Signal blog,
https://signal.org/blog/secure-value-recovery/
and now that they are once again bringing up SGX as a possible solution to confidential/trustworthy remote processing, I am curious if POWER9's Ultravisor mode along with FlexVer could act as a replacement for SGX.
https://wiki.raptorcs.com/wiki/Power_ISA/Privilege_States#Ultravisor_State

To be honest, I do not fully understand any of the three (SGX, FlexVer, or P9's Ultravisor), but what Integricloud seems to be claiming to do with FlexVer in terms of allowing a user to verify code running remotely seems awfully similar to how Signal is trying to use SGX to run code on the user's behalf remotely without allowing the SGX server to see the inputs or outputs of the code being executed. From what I have read about Ultravisor state, IBM is certainly positioning it as an alternative to SGX and AMD's Secure Processor memory encryption.
https://developer.ibm.com/articles/l-support-protected-computing/
https://www.kernel.org/doc/html/latest/powerpc/ultravisor.html

As Signal is pretty much the only messaging program I have significant trust in, part of my interest here is that I would like to see Signal using something other than a DRM mechanism to do private remote processing.

Though regardless, the promise of being able to perform confidential processing remotely is intriguing by itself, especially when done without placing absolute and irrevocable trust in the manufacturer.
« Last Edit: January 11, 2020, 01:55:42 pm by AbstractConcept »

ClassicHasClass

  • Full Member
  • ***
  • Posts: 146
  • Karma: +9/-0
  • Talospace Earth Orbit
I'm doing research for a future Talospace article on the ultravisor, but while it should do something conceptually similar I don't think it's an exact replacement for SGX.

FlexVer seems to have a little different scope and involves tamper protection as well AIUI, but @madscientist159 could say more about that.

madscientist159

  • Raptor Staff
  • *****
  • Posts: 43
  • Karma: +9/-0
Quote from: ClassicHasClass
> I'm doing research for a future Talospace article on the ultravisor, but while it should do something conceptually similar I don't think it's an exact replacement for SGX.
>
> FlexVer seems to have a little different scope and involves tamper protection as well AIUI, but @madscientist159 could say more about that.

Yes, FlexVer is the technology required to basically harden the systems against direct physical attack.  Since we consider permanent vendor control via e.g. vendor signing keys absolutely unacceptable, some other scheme is required to prevent physical access from silently becoming root / hypervisor root.  That's where FlexVer sits.

We have a few papers online, e.g. https://www.raptorengineering.com/TALOS/documentation/flexver_intro.pdf and https://www.raptorengineering.com/TALOS/documentation/integrimon_intro.pdf .  There's also some information at http://integricloud.com/content/base/service_intro.html , and I'd be happy to answer any direct questions you have.

Since Ultravisor is owner controlled, we'd generally say FlexVer is needed to make sure the Ultravisor image you think you loaded was actually loaded if a hostile physical environment is in play.

@AbstractConcept My standard answer to anyone promoting SGX as a "secure" solution is to ask, do you have an SLA with Intel that will pay out all damages incurred if SGX is implemented wrong, has a firmware bug that allows malicious access, if Intel abuses their keys to gain access to your data (including under court order / with warrant), etc.?  If not, you're just blindly trusting a third party to act in your interests at all times for no real reason.  Not a place I'd like to be, and definitely nothing I'd call "secure".  ;)
« Last Edit: January 12, 2020, 11:27:02 pm by madscientist159 »
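The two checks the thread keeps circling back to (a user verifying, before handing over any inputs, that the code running remotely is the code they expect, and making sure the Ultravisor image you think you loaded was actually loaded) both come down to a measured-boot quote being verified against a known-good value under a key the verifier trusts. The following is an added example and not code from this thread, Raptor, IBM, Intel or Signal; it models that flow generically and is not the actual FlexVer, SGX or Ultravisor protocol. The "boot components" are constructed byte strings, the component names and `BOOT_ORDER` are assumptions, and `ATTESTATION_KEY` with an HMAC tag is a stand-in for the asymmetric signature a real root of trust would produce, used only so the example runs with the standard library.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for boot components (not real firmware images).
GOOD_COMPONENTS = {
    "firmware": b"example firmware image v1",
    "ultravisor": b"example ultravisor image v1",
    "kernel": b"example kernel image v1",
}
# Assumed measurement order; each stage measures the next before running it.
BOOT_ORDER = ("firmware", "ultravisor", "kernel")

# Hypothetical attestation key. A real design signs with an asymmetric key held
# by the hardware root of trust; whoever controls that key (the owner, or the
# silicon vendor) is who the verifier ultimately trusts.
ATTESTATION_KEY = b"hypothetical-attestation-key-held-by-root-of-trust"


def extend(measurement: bytes, component: bytes) -> bytes:
    """PCR-style extend: new = H(old || H(component)).
    The chain is order-sensitive and cannot be rewound, so the final value
    summarises everything that was loaded and in what sequence."""
    return hashlib.sha256(measurement + hashlib.sha256(component).digest()).digest()


def measure_boot(components: dict) -> bytes:
    m = b"\x00" * 32
    for name in BOOT_ORDER:
        m = extend(m, components[name])
    return m


def make_quote(components: dict, nonce: bytes, key: bytes = ATTESTATION_KEY) -> dict:
    """Prover side: report the final measurement bound to the verifier's nonce."""
    measurement = measure_boot(components)
    tag = hmac.new(key, nonce + measurement, hashlib.sha256).digest()
    return {"nonce": nonce, "measurement": measurement, "tag": tag}


def verify_quote(quote: dict, expected_nonce: bytes, golden: bytes,
                 key: bytes = ATTESTATION_KEY) -> tuple:
    """Verifier side. Returns (ok, reason). Checks freshness first, then that
    the quote came from the trusted key, then that the measurement matches
    the image set the verifier expected to be running."""
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return False, "stale or replayed quote (nonce mismatch)"
    expected_tag = hmac.new(key, quote["nonce"] + quote["measurement"], hashlib.sha256).digest()
    if not hmac.compare_digest(quote["tag"], expected_tag):
        return False, "quote not produced by the trusted key"
    if not hmac.compare_digest(quote["measurement"], golden):
        return False, "loaded image differs from the one you expected"
    return True, "measurement matches"


def demo() -> list:
    """Three scenarios: honest boot, a swapped Ultravisor image, and a replay."""
    golden = measure_boot(GOOD_COMPONENTS)
    nonce = os.urandom(16)
    honest = verify_quote(make_quote(GOOD_COMPONENTS, nonce), nonce, golden)
    # Someone with physical access replaced the Ultravisor image.
    tampered = dict(GOOD_COMPONENTS, ultravisor=b"example ultravisor image, modified")
    swapped = verify_quote(make_quote(tampered, nonce), nonce, golden)
    # An old, genuine quote replayed against a fresh challenge.
    replay = verify_quote(make_quote(GOOD_COMPONENTS, nonce), os.urandom(16), golden)
    return [honest, swapped, replay]


if __name__ == "__main__":
    for ok, why in demo():
        print("PASS" if ok else "FAIL", "-", why)
```

The point madscientist159 makes about SLAs shows up in the code as `ATTESTATION_KEY`: the verifier cannot tell a genuine quote from one produced by anyone else holding that key, so the question of who holds it (the owner of the box, or a vendor who may be compelled or compromised) is the whole trust model, not a detail.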