Developers vPub 0xD

Enhancing Homelab Security: Leveraging Confidential Computing and DRTM for Intranet-Only Workloads
12-12, 21:00–22:00 (UTC), Dasharo vPub

What can we get with modern x86 clients, workstations, and server CPUs? Is there any hope in non-x86 confidential computing now?

This discussion panel aims to shift the focus to local environments, particularly homelabs and workstations that operate intranet-only services without external access. Remote VM-to-VM attacks and VM escapes are out of scope. We will explore the practical applications and benefits of Confidential Computing features such as SEV (Secure Encrypted Virtualization), TSME (Transparent Secure Memory Encryption), TME (Total Memory Encryption), TME-MK (TME with Memory Keys), SGX (Software Guard Extensions), and TDX (Trust Domain Extensions).


The panel will also investigate the crucial roles of the Dynamic Root of Trust for Measurement (DRTM) and Static Root of Trust for Measurement (SRTM) in establishing a secure foundation for trusted computing in homelab environments. We will discuss how these technologies can enhance workstation and homelab security and trustworthiness while leveraging synergy with Confidential Computing technologies. We aim to discuss only provable, auditable, and verifiable mechanisms. Because of that, we will spend time separating silicon vendors' marketing hype from real-world experience and provable guarantees. This session will provide practical takeaways and foster dialogue on how the technology behind the Confidential Computing buzzword can be used in practice by the FLOSS community.

Invisible Things Lab, Qubes OS Lead Developer

https://github.com/marmarek

reverse-engineering / low-level security
@DragonSectorCTF vice-captain / Invisible Things Lab
Mastodon: @redford@infosec.exchange
bsky: @mkow.bsky.social

Kicksecure and Whonix founder and lead developer.

Piotr Król is an open-source firmware enthusiast who founded 3mdeb in March 2015. His expertise is rooted in the hacker ethos of collaborative innovation and transparency, guiding 3mdeb's focus on projects like Zarhus OS, a Yocto-based Embedded Linux distribution, and Dasharo, a coreboot downstream project. These projects are dedicated to open development, embedded firmware resilience, platform security, transparency, the right to repair, and digital sovereignty.

Piotr's deep involvement in open-source firmware includes key computing areas such as Root of Trust, Secure, Verified and Measured Boot, TPM, coreboot, UEFI, EDK II, Yocto, U-Boot, and Linux. He often speaks at significant industry events like FOSDEM, Xen Developers Summit, and Platform Security Summit, sharing his insights and promoting the open-source firmware ecosystem. Piotr is dedicated to sharing knowledge by serving as a Trainer at OpenSecurityTraining2, offering free and open educational materials to advance the open-source firmware ecosystem.

Apertus Solutions, TrenchBoot Project Leader