A match made in SEV-en: Google touts Confidential VMs using AMD's Epyc on-the-fly memory encryption

Google Cloud will today announce the availability, as a beta, of so-called Confidential Virtual Machines that feature on-the-fly RAM encryption using per-VM keys. These Confidential VMs, detailed here, will be launched to coincide with the nine-week Google Cloud Next conference that starts today. The virtual machines will be …

  1. don't you hate it when you lose your account

    Wow

    Google trying to protect users' data. As rare as Trump wearing a mask!

  2. whitepines

    The PSP is AMD-controlled (signed), closed source, and has access to everything on the system. Even the owner of the machine cannot alter it or replace it because of the AMD signing key.

    Why exactly should I trust this not so little bit of proprietary software, especially in changing legal frameworks mandating backdoors? Remember, AMD doesn't even have enough confidence in their own code to make it a burned-in, non-updateable ROM!

    1. whitepines

      AMD fanboy downvoters: what exactly is it that makes you trust AMD so implicitly here? Why not trust Intel the same way?

    2. Robert Carnegie Silver badge

      If it was non-updateable then I expect they wouldn't have been able to update it.

  3. ratfox

    I would have thought that if you are willing to let your code run on somebody's cloud, you are fine with the basic promise that only your program can read your data (at least, I'm assuming that Google is promising this with or without this encryption). Ultimately, you have to trust Google are not lying to you and that they know what they are doing, because I don't see how you can get proof that your program is really running on the encrypted machine and not any old random server.
