
> where basically the RAM and registers of the workload are encrypted so the hypervisor cannot see them

I call BS. There is no way to hide code from the platform it runs on.




I didn't say "from the platform", I very specifically said they're encrypted so the hypervisor or other VMs cannot see them. Believe it or not, that's how Intel TDX, AMD SEV and other systems do work, and these are real world implementations you can buy right now.


Indeed, it's defense in depth. The hypervisor shouldn't be compromised, and other VMs shouldn't be able to read your VM's data, but if they are or can for some reason, it's encrypted.


Other than homomorphic encryption of course.

https://en.wikipedia.org/wiki/Homomorphic_encryption



