undefined | Better HN

story

0 pointssillysaurusx6y ago0 comments

Thanks! In that case, they seemed to have a good point: if it was an open source CPU, it seems like security might be an issue.

One way to do it: ship security updates using the same technique as intel, and don't release the source code for the fix until much later. I think I remember an open source project doing something similar. But of course, it seems pretty hard to manage that complexity: what if the fix introduces code changes that future commits depend on?

Interesting problem...

0 comments

klyrs6y ago

I'm by no means an expert, but open design and verification of secure enclaves seems quite feasible -- keys would differ between different chip makers, I imagine. Folks could write patches, but perhaps not sign them for hardware they own. Though I'd expect most maintainers to work with the community to get bugs fixed.

j / k navigate · click thread line to collapse

0 comments

klyrs6y ago

j / k navigate · click thread line to collapse