Don't overestimate proprietary Trusted Execution Environment...

codonaft

npub1alptdev5srcw2hxg03567p4k6xs3lgj7f6545suc0rzp0xw98svse7rg94


Kind-1 (TextNote)

2026-03-08T14:08:04Z

Don't overestimate proprietary Trusted Execution Environments. We might never know for sure whether or not they are just another sophisticated NSA honeypot. Issues have already been found in them; Nvidia is not excluded.

Not that I'm against these technologies, but I'd like to see more solutions based on something open and independently verifiable as well.

If it's not something identical to hardware TEE solutions, then at least there's a not-yet-well-known Linux syscall memfd_secret, which is basically a way to allocate private RAM regions that are, to some degree, isolated even from the kernel (pages in these regions won't be swapped to disk, core dumps won't include this memory, etc.).

It's a limited solution. It's not for GPUs. However, it's open and independent from any particular vendor.

Originally it was designed for cryptography. Useful for NIP-46 signers and CPU-only ML models for example.

https://www.man7.org/linux/man-pages/man2/memfd_secret.2.html#NOTES

nostr:nevent1qqsgtwf2jhn02u36aepl3pjd7386wvz7alqtjdu9flyzfhs4vkc0ewgpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgqgdwaehxw309ahx7uewd3hkcqg5waehxw309aex2mrp0yhxgctdw4eju6t0qgsdy27dk8f9qk7qvrm94pkdtus9xtk970jpcp4w48k6cw0khfm06msuzuenx

#privacy #linux #TEE
