
Rethinking the Linux cloud stack for confidential VMs

https://lwn.net/Articles/1030818/
78•Bogdanp•5h ago

Comments

le-mark•4h ago
Timely considering the current (yet another) chip act. Presumably government-mandated surveillance silicon would also require confidential compute capability.

https://www.atlanticcouncil.org/blogs/geotech-cues/how-the-c...

Joel_Mckay•2h ago
Funny, some people never consider that burning goodwill with populations directly opens a competitive advantage for competitors. =3
riedel•4h ago
Confidential computing is the straw for many people to overcome GDPR headaches in Europe. I know in particular medical researchers who hope that they will get access to scalable infrastructure this way, because they can tick it as the only additional TOM on the processor side. As mentioned in the comments of the OP, though, it is more a promise than a reality at the moment, with very little actual benefit in terms of reducing relevant attack vectors.
Bender•3h ago
Maybe this will check a box in some OpenStack cluster, but it won't work for me personally. For anything sensitive I use physical servers. Once I am on a VM on a physical server that is not mine, my data is their data. It is just turtles all the way down and there will always be a way to obtain data. What's more, this is required for lawful intercept, and authorities expect providers today to be able to live copy/clone a VM. There will always be a back door, and when authorities can access the back door, so can the providers and malicious actors. Even more unpopular is that to me encryption is just mathematical obfuscation, a.k.a. magic math, and the devil is in the implementation details; remember WEP and DVD encryption? Just like cell phones, there will always be some simple "debugging" toggle function that can bypass it.
Joel_Mckay•2h ago
Unfortunately, if someone really wants into modern equipment it is rather trivial, as modern clouds often just use cost-optimized consumer-grade CPUs/GPUs with sometimes minor conveniences like more ECC RAM and backplane management options.

In many ways, incident detection and automated recovery are more important than casting your servers in concrete.

Emulated VMs can create read-only signed backing images, and thus may revert/monitor states. RancherVM is actually pretty useful when you dig into the architecture.

Best policy is to waste as much time and money of the irrational, and interleave tantalizing payloads of costly project failures. Adversaries eventually realize the lame prize is just not worth the effort, or steal things that ultimately will cost them later. =3

crote•2h ago
Why do you trust your physical servers? Do you believe it is impossible for a backdoor to exist in the CPU's Management Engine? Do you inspect the contents of every single network packet entering and exiting? Do you have a way of blocking or inspecting all electromagnetic radiation?

Confidential computing is trying to solve the very problem you are worried about. It is a way of providing compute as a service without the customer having to blindly trust the compute provider. It moves the line from "the host can do anything it wants" to "we're screwed if they are collaborating with Intel to bake a custom backdoor into their CPUs".

To me that sounds like a very reasonable goal. Go much beyond that, and the only plausible attacker is going to be the kind of people who'll simply drag you to a black site and apply the big wrench until you start divulging encryption keys.

eqvinox•18m ago
A physical server can use all the same mechanisms a VM in a cloud can use (worst case, put your stuff in a single "confidential" VM), but can also rely on physical control of the machine. And there is no longer a third-party cloud operator in a pre-privileged position to exploit VMM or CPU vulnerabilities.

It is essentially by definition more secure than a VM anywhere.

I wouldn't "fully" trust it without going on-prem though. But trust isn't binary either; container < VM < hosted machine < on-prem machine. That's all there is to this.

matthewfcarlson•3h ago
Years ago, I saw a demo for a confidential gaming VM with the idea that games could ship with a whole VM instead of an anti-cheat engine. Most of the tech was around doing it performantly. I wonder why it was never productized.
tomrod•2h ago
I'd imagine cost is a big factor. You have to contend with a lot of bad drivers on gpus, right? (This isn't my arena, just speculating here).
kg•2h ago
My understanding is that some modern game DRM does use an approach like that. See https://connorjaydunn.github.io/blog/posts/denuvo-analysis/
louwrentius•3h ago
I find the article a difficult read for someone not versed in “confidential computing”. It felt written for insiders and/or people smarter than me.

However, I feel that “confidential computing” is some kind of story to justify something that’s not possible: keep data ‘secure’ while running code on hardware maintained by others.

Any kind of encryption means that there is a secret somewhere and if you have control over the stack below the VM (hypervisor/hardware) you’ll be able to read that secret and defeat the encryption.

Maybe I’m missing something, though I believe that if the data is critical enough, it’s required to have 100% control over the hardware.

Now go buy an Oxide rack (no I didn’t invest in them)

crote•2h ago
The unique selling point here is that you don't need to trust the hypervisor or operator, as the separation and per-VM encryption is managed by the CPU itself.

The CPU itself can attest that it is running your code and that your dedicated slice of memory is encrypted using a key inaccessible to the hypervisor. Provided you still trust AMD/Intel to not put backdoors into their hardware, this allows you to run your code while the physical machine is in possession of a less-trusted party.

It's of course still not going to be enough for the truly paranoid, but I think it provides a neat solution for companies with security needs which can't be met via regular cloud hosting.
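
The attestation-then-key-release exchange crote describes, as an added Go example that is not part of the LWN article, the linked discussion or any comment in this thread. It simulates both sides: a CPU-held attestation key (Ed25519 here, standing in for the vendor-rooted certificate chain, an assumption), a guest image measured with SHA-256, and a tenant-side verifier that releases a data key only for a fresh, correctly signed report carrying the expected measurement. The Report struct, the sample image and the key are constructed for the example; real SEV-SNP or TDX reports carry many more fields (TCB versions, policy, report data) and the verifier would walk a certificate chain rather than hold one public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is what the attesting CPU signs: the launch measurement of the guest
// image plus a verifier-chosen nonce so the report cannot be replayed (simplified).
type Report struct {
	Measurement [32]byte
	Nonce       [32]byte
}

func (r Report) bytes() []byte { return append(r.Measurement[:], r.Nonce[:]...) }

// Hardware models the CPU's attestation key; the hypervisor never holds priv.
type Hardware struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewHardware() *Hardware {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // OS RNG failure is unrecoverable for this example
	}
	return &Hardware{priv: priv, Pub: pub}
}

// Attest measures whatever image was actually loaded and signs it with the nonce.
func (h *Hardware) Attest(loadedImage []byte, nonce [32]byte) (Report, []byte) {
	r := Report{Measurement: sha256.Sum256(loadedImage), Nonce: nonce}
	return r, ed25519.Sign(h.priv, r.bytes())
}

// Verifier is the tenant's relying party: it knows the hardware public key and
// the measurement of the image it built, and releases the data key only to that image.
type Verifier struct {
	hwPub    ed25519.PublicKey
	expected [32]byte
	issued   map[[32]byte]bool // outstanding nonces, each single-use
}

func NewVerifier(hwPub ed25519.PublicKey, image []byte) *Verifier {
	return &Verifier{hwPub: hwPub, expected: sha256.Sum256(image), issued: map[[32]byte]bool{}}
}

// Challenge issues a fresh nonce the guest must get the hardware to sign.
func (v *Verifier) Challenge() [32]byte {
	var n [32]byte
	if _, err := rand.Read(n[:]); err != nil {
		panic(err)
	}
	v.issued[n] = true
	return n
}

// ReleaseKey checks signature, nonce freshness and measurement, in that order.
func (v *Verifier) ReleaseKey(r Report, sig, secret []byte) ([]byte, error) {
	if !ed25519.Verify(v.hwPub, r.bytes(), sig) {
		return nil, errors.New("signature invalid: report not produced by trusted hardware")
	}
	if !v.issued[r.Nonce] {
		return nil, errors.New("nonce unknown or already used: possible replay")
	}
	delete(v.issued, r.Nonce)
	if r.Measurement != v.expected {
		return nil, errors.New("measurement mismatch: guest is not the image we built")
	}
	return secret, nil
}

func main() {
	image := []byte("tenant-built guest image (constructed sample)")
	secret := []byte("data-encryption-key (constructed sample)")
	hw := NewHardware()
	v := NewVerifier(hw.Pub, image)

	// Honest flow: the genuine image is loaded and the guest relays a fresh report.
	r, sig := hw.Attest(image, v.Challenge())
	_, err := v.ReleaseKey(r, sig, secret)
	fmt.Println("honest guest:", err)
	_, err = v.ReleaseKey(r, sig, secret) // replay: the nonce was already consumed
	fmt.Println("replayed report:", err)
	// Hypervisor loads a patched image: the measurement no longer matches.
	tampered := append(append([]byte{}, image...), " + hypervisor patch"...)
	r2, sig2 := hw.Attest(tampered, v.Challenge())
	_, err = v.ReleaseKey(r2, sig2, secret)
	fmt.Println("tampered image:", err)
	// Hypervisor forges a report under a key of its own: signature check fails.
	r3, sig3 := NewHardware().Attest(image, v.Challenge())
	_, err = v.ReleaseKey(r3, sig3, secret)
	fmt.Println("forged report:", err)
}
```

Run it with `go run`: the honest guest gets a nil error and the replayed, tampered and forged cases each print the reason they were refused. The hypervisor appears only implicitly, as the party that chooses which image to load and which bytes to relay; the point of the three checks is that neither of those powers lets it obtain the key.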

thrawa8387336•2h ago
Hasn't that been exploited several times?
crote•2h ago
I don't believe so? I have no doubt that there have been vulnerabilities, but the technology is quite new and barely used in practice, so I would be surprised if there have been significant exploits already - let alone ones applicable in the wild rather than a lab.
GauntletWizard•18m ago
The technology is only new because the many previous attempts were so obviously failures that they never went anywhere. The history of "confidential computing" is littered with half baked attempts going back to the early 2000s in terms of hypervisors, with older attempts in the mainframe days completely forgotten.
SvenL•1h ago
Well there were some advances in the space of homomorphic encryption, which I find pretty cool and would be an encryption which does not require a secret to work on the data. Sadly the operations which are possible are limited and quite performance intensive.
adam_gyroscope•2h ago
Apple has done a good job on the implementation and documentation for their confidential computing (https://security.apple.com/documentation/private-cloud-compu...) but of course it’s Apple only. There’s a few folks working on a non-Apple version of this, eg https://confident.security/ and others (disclaimer that I helped work on a very early version of this).

Read the Apple docs - they are very well written and accessible for the average HN reader.

warkdarrior•42m ago
Both Google Cloud and AWS support confidential computing: https://cloud.google.com/security/products/confidential-comp... https://aws.amazon.com/confidential-computing/
signalloss•45m ago
Someone willing to price this out?