1) A CPU without obvious & network accessible backdoors that were sold to governments and who knows who else. 2) Using an OS with reproducible builds 3) Using verified boot
Seems like enough. But no one seems willing to talk straight on #1. Conversations that strategize on this topic seem purposefully derailed all over the web. I realize it would be extremely hard to reverse engineer a CPU to verifiably disable its black box OS running inside. But there are many approaches including non-stop pushing AMD to release their source / release verifiable disabling tool.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2021-06-02 04:00 pm (UTC)2) Using an OS with reproducible builds
3) Using verified boot
Seems like enough. But no one seems willing to talk straight on #1. Conversations that strategize on this topic seem purposefully derailed all over the web. I realize it would be extremely hard to reverse engineer a CPU to verifiably disable its black box OS running inside. But there are many approaches including non-stop pushing AMD to release their source / release verifiable disabling tool.