Description
Dear Proof Of Cloud team,
As we all know, Intel TDX/Nvidia attestations can be faked by anyone having access to a CPU-baked secret extracted from one of the genuine pieces of hardware out there.
Our team knows you started to maintain a "Proof Of Cloud" whitelist for additional confirmation that the specific TEE attestation is tied to hardware that the parties involved (Scrtlabs, Phala, Nillon, IExec, etc.) think is non-tampered. We even started seeing these whitelists already being used by parties to show users that the compute is fully "confidential".
But we haven't found any official, clear and reasonable ways where you provide a tool to verify that specific hardware couldn't have been affected by a side-channel attack starting from the factory and even during maintenance periods.
It's been 4 months since we discovered the "Proof Of Cloud" concept and we patiently waited for the solution, given the factually total loss of trust from a mathematical point of view. The only thing that seems to have changed since then is that parties like Phala now additionally check if a given TEE is in some imaginary whitelist that we don't know anything about.
Moreover, given the money-driven design of the parties involved and the TEE verification vulnerability, it's safe to assume the already mentioned "whitelist" could be theoretically totally fictional because regular setups on, for example, non-TDX hardware are cheaper & faster. In other words, there is a clear conflict of interest until the "Proof Of Cloud" finally becomes what its landing page makes it seem like.
And even that won't be enough because hardware integrity will need to be absolute and verifiable.
How can we guarantee our own customers' data confidentiality if we cannot be sure that parties do not forge Intel TDX/Nvidia attestation?