zlacker

[parent] [thread] 4 comments
1. JohnFe+(OP)[view] [source] 2023-07-25 14:56:47
Or run one of the "blessed" or "compromised" (depending on your point of view) distros in a VM purely for those types of things.
replies(2): >>Avaman+21 >>Gazoch+W42
2. Avaman+21[view] [source] 2023-07-25 14:59:57
>>JohnFe+(OP)
That's the point where you'd need the VM itself to be attested for it to work. Hyper-V kinda does it already with Shielded Windows VMs.

With the advent of SEV, you won't even be able to look at the stuff your hypervisor is running.

replies(1): >>fsnipe+v7
◧◩
3. fsnipe+v7[view] [source] [discussion] 2023-07-25 15:25:08
>>Avaman+21
Also there is no guarantee that "attestation" won't require your software to run on the physical hardware and not on a vm.
replies(1): >>Avaman+Cb
◧◩◪
4. Avaman+Cb[view] [source] [discussion] 2023-07-25 15:40:12
>>fsnipe+v7
True, but virtualization is big enough (including Microsoft's own Windows365 offerings) that passing "trust" down into VMs will be done. And with SEV there isn't even a way to tamper with things after the attestation process has been completed.
5. Gazoch+W42[view] [source] 2023-07-25 23:37:13
>>JohnFe+(OP)
Even assuming the VM workaround works, this would be catastrophic from an usability standpoint.

Linux has been making giant strides towards increasing accessibility and lowering the friction of adopting it as a daily driver, while preserving the freedom to choose any distro you want.

Forcing new users to babysit a second installation in a special VM would be wiping out decades of progress.

[go to top]