undefined | Better HN

0 pointsastrange1y ago0 comments

That's a secure enclave aka secure element aka TPM. Once you start wanting security you usually think up enough other features (voltage glitching prevention, memory encryption) that it's worth moving it off the CPU.

0 comments

Dylan168071y ago

That's a wildly different type of security. I just want to sandbox some code, not treat the entire world as hostile.

tiberious7261y ago

Eh, the TPM is a hell of a lot less functional than security processor on a modem arm board. You can seal and unseal based on system state, but once things are unsealed, it's just in memory

j / k navigate · click thread line to collapse

0 pointsastrange1y ago0 comments

0 comments

Dylan168071y ago

That's a wildly different type of security. I just want to sandbox some code, not treat the entire world as hostile.

tiberious7261y ago

Eh, the TPM is a hell of a lot less functional than security processor on a modem arm board. You can seal and unseal based on system state, but once things are unsealed, it's just in memory

j / k navigate · click thread line to collapse