Comment by Stefan-H
1 day ago
That is where the attestation comes in to show that the environment is only running cryptographically verified versions of open source software that does not have the mechanisms to allow tampering.
1 day ago
That is where the attestation comes in to show that the environment is only running cryptographically verified versions of open source software that does not have the mechanisms to allow tampering.
That's insufficient. Code signing doesn't do anything against theft or malfeasance by internal actors. Or external ones, I suppose.
If the software can modify data legitimately, it can be tampered with.
The point of measured environments like the TEE is that you are able to make guarantees about all the software that is running in the environment (verified with the attestation). "If the software can modify data legitimately, it can be tampered with." - the software that makes up the SBOM for these environments do not expose administrator functions to access the decrypted data.