FLOSS Weekly 731 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

Doc Searls (00:00:00):
This is FLOSS Weekly. I'm Doc Searls. This week, Jonathan Bennett and I talk with Dan Middleton about Confidential Computing. Confidential Computing is a whole new category, like it's gonna be called CoCo, C-O-C-O, because five syllables of Confidential Computing against so much, but lots of other two and three and four letter acronyms involved. It's part of the Linux Foundation, isn't everything these days, but it's really interesting, really important, and it is coming up next.

Announcer (00:00:33):
Podcasts you love from people you trust. This is TWiT.

Doc Searls (00:00:40):
This is FLOSS Weekly, episode 731, recorded Wednesday, May 10th, 2023. Confidential Computing

Announcer (00:00:51):
Listeners of this program get an ad-free version if they're members of Club TWiT. $7 a month gives you ad-free versions of all of our shows plus membership in the Club TWiT Discord, a great clubhouse for TWiT listeners. And finally, the TWiT Plus feed with shows like Stacy's Book Club, the Untitled Linux Show, the Giz Fiz and more. Go to TWiT.tv/ClubTWiT and thanks for your support.

Doc Searls (00:01:18):
Hello again, everybody everywhere. I am Doc Searls, and this is FLOSS Weekly this week, and I'm joined by Jonathan Bennett, himself in his lair in Oklahoma.

Jonathan Bennett (00:01:30):
<Laugh> the Lair.

Doc Searls (00:01:31):
Yes. Wearing his head clamps.

Jonathan Bennett (00:01:35):
So I am, I am in need of a haircut. I would give you a

Doc Searls (00:01:39):
Little

Jonathan Bennett (00:01:39):
Secret. Yeah,

Doc Searls (00:01:40):
No. When you take, I'm trying to think what you look like when you take that <laugh>. Jonathan has an enviable for those who envy hair. I'm wondering amount of hair. And he looks like the young Trotsky or somebody, or you know what? Some literary figure who, whose hair goes back and did falls sideways and Yeah.

Jonathan Bennett (00:02:00):
Yeah. If I'm not careful, I end up looking like the aliens guy. You know, I'm not sailing. It was aliens, but it was aliens. That guy. Yeah. That's not a good look.

Doc Searls (00:02:08):
<Laugh>, that's

Jonathan Bennett (00:02:09):
Not what I'm going for.

Doc Searls (00:02:10):
Alien, balance it a bit with the goatee.

Jonathan Bennett (00:02:13):
The goatee helps, and then the headphones help a lot. It's like a big stiff hairband. Keeps me outta control. <Laugh>

Doc Searls (00:02:19):
Hold, hold them in there. So, so I guess this morning's gonna talk about Confidential Computing. Are you up on the topic

Jonathan Bennett (00:02:26):
A little bit? So, interestingly, I've been working through, I got an advance copy, actually, of Cory Doctorow's

Doc Searls (00:02:32):
book. I have one too. I should hold mine up, but go ahead.

Jonathan Bennett (00:02:34):
Red Team Blues, and Confidential Computing is sort of what the, it's not really the basis of the book. It's sort of the, it's almost like the McGuffin, it's the, the background. It's what makes, it's what makes the plot work is that someone did something very clever with Confidential Computing. And so I have, I've been thinking about it and of course I'm, I'm familiar with the idea of a secure enclave and a, a TPM, trusted platform module, and all of those things. And those are all sort of related. They're connected, they're not exactly what we're talking about, but they're very much tangential to it. So, you know, I'm, I'm in the ballpark and I am looking forward to asking some pointed questions about how some of these things work with open source, because historically they haven't. And I'm pretty excited about, about the idea that people are thinking about how to make that work.

Doc Searls (00:03:24):
Yeah. And Katherine Druckman, who is another co-host here and works for Intel, has already done a, a session on Confidential Computing and, and sent us a briefing from that that was helpful too. So I wanna get into it now. So Dan Middleton is the guest. He's the principal engineer with over 20 years in Intel. He's developed and released products in SaaS, computational imaging, blockchain, and Confidential Computing, an open source leader. He has represented Intel in projects, including the Confidential Computing Consortium, which is on a topic today, Open Source Security Foundation, CNCF CoCo, which we can go into as well, and Hyperledger. He currently leads Confidential Computing pathfinding in Intel's Security Software and Services division, which in German would all be one word <laugh>. <Laugh>. Anyway, so welcome to the show, Dan.

Dan Middleton (00:04:26):
<Laugh>, thanks so much. I'm flattered to be here. Really appreciate being invited. So,

Doc Searls (00:04:29):
So where are you in the world?

Dan Middleton (00:04:32):
I'm in Minneapolis, so. Okay. it's the undisclosed headquarters of Intel. <Laugh>

Doc Searls (00:04:37):
<Laugh>. It's so undisclosed, does Intel know about it? <Laugh>

Dan Middleton (00:04:42):
No, they do not <laugh>

Doc Searls (00:04:44):
That, that's great. So, so tell us about what's going on. I mean, give us sort of the overall thing that Confidential Computing is about, and then we could drill down into various parts of it.

Dan Middleton (00:04:56):
Yeah, yeah. So like you observed, we're doing things in open source so we can talk about what we're doing in the Confidential Computing Consortium. But you probably wanna know, like right off the bat, what is Confidential Computing. And we have a very carefully chosen definition for what it is, which is the protection of data in use by performing computation in a hardware-based, attested, trusted execution environment. But that probably did not tell anybody anything just now. So what I like to think of is data has three phases, kind of like solid, liquid, gas. And the industry as a whole, we're, we're pretty good at protecting data at rest. So we've got disk encryption, file encryption, pretty well understood, and then we've got data in motion, data in flight, so you're transmitting it somewhere. And that's also really well understood. Pretty much everybody's gonna be listening to this or have downloaded it through some form of TLS, some sort of trusted communication protocol, HTTPS, TLS, something like that. So we know how to communicate pretty well securely, but we've gone to all this trouble to protect secrets until we actually go and use them, and then we load them in plain text on our computers

Jonathan Bennett (00:06:25):
<Laugh>.

Dan Middleton (00:06:26):
And now if you've got malware or an inside actor that has access to that host, well, when you're actually using it and it's most vulnerable, there's, there's nothing protecting it. So that's what Confidential Computing is seeking to do. We protect it while it's in use, and we do that. And there's different vendor implementations, but the sort of, the easy way to think about it is that memory is now encrypted. So if you have something running on that host and it wants to go sniff something out of memory, it's just gonna get garbage. The only time that your code, or the only time that your data is actually in cleartext now with Confidential Computing is when it's inside the CPU.

Jonathan Bennett (00:07:09):
So, your explanation really makes me think about this. There was an attack against full disk encryption back several years ago, and it was essentially, I think it was the NSA that was one of the big ones that was working on it. So someone was running, say, TrueCrypt, it's long enough ago that TrueCrypt was a thing. If they got to a computer that was turned on, they could yank the RAM out of the computer, hose it down with liquid nitrogen, and then go run over to another computer running and punch it back in. And some of those, a lot of those bits would stay in the same state because they cooled them, and they could do a RAM dump and a lot of times get that secret, the actual disk encryption key, and be able to decrypt the entire computer. And so when you're looking at trusted execution, are you essentially, that is sort of the attack that you're trying to, you're trying to combat?

Dan Middleton (00:08:10):
So that, that is a, that is an advanced attack, but yeah, that is, it's an attack that's mitigated by Confidential Computing. So for remote attackers, you know, they're not necessarily gonna be able to physically lay hands on a machine, yank a chip out, put it back in another machine. But there's, you know, any number of exploits every day for somebody to tunnel into your machine. And so long as you keep them outside the boundary that you establish with Confidential Computing, they're just gonna get garbage out of memory.

Jonathan Bennett (00:08:43):
Okay. So does this help with buffer overflow attacks and arbitrary memory read attacks? Because you're encrypting memory, does, does it help with all of those? And then I've got questions about how in the world that works, if it does <laugh>,

Dan Middleton (00:08:58):
<Laugh> so all the security principles still apply. You still want defense in depth, you still want to look at different security practices for confidentiality, integrity, and availability. You want to understand what those mean. So, you know, we're not changing necessarily fundamentals, but we are adding in a new layer of protection. So when it comes to something like buffer overflows, if that is something that is inside your enclave, you're not protected from that. You still have to do input validation on your code if that's the code that would be exploited. But if there's something else running in your host, even in the host operating system, that's not doing input validation, and you get a buffer overflow out of that, that doesn't get to do some sort of jump into the enclave code.

Jonathan Bennett (00:10:00):
Okay. So we're, we're really talking about having two different systems in one box, then this is, this is what Nvidia and the Arm world they do with the, the TLK, the, the Trusted Little Kernel, where you have your user-facing kernel that's running on the hardware, but then kind of squirreled away in the corner, you've got an entirely different operating system that's running that just keeps the secrets. And those two can talk to each other, but there's certain very specific rules that the, you know, the, the operating system that we think of as an operating system has to follow to be able to talk to that tiny trusted little system. That's more what we're talking about, isn't it?

Dan Middleton (00:10:41):
Yeah, that's a really good analogy. So Arm TrustZone was one of the first kinds of Confidential Computing. Intel SGX was one of the first kinds, and the difference, one of the differences between those is with SGX, you don't even have a special operating system intermediating that, you just have a portion of the segment that your program is running in, you can dial it down to a single library, and then that is just executed directly within the processor in a protected space. But on the other end of the spectrum, we now have more VM-based technologies. So Intel has Trust Domain Extensions, Arm has something called CCA, AMD has SEV, and the RISC-V world has, has their own Confidential Computing architecture as well. And these are VM oriented. So now there's a guest operating system that's part of what we call the trusted computing base, or the TCB.

Jonathan Bennett (00:11:48):
Yeah. So the, the VM at that point, we're talking about a, a virtual machine where its RAM is encrypted and the bare metal OS doesn't actually have the encryption keys, the hardware manages those encryption keys for it. Right? Right. That's, that's sort of the idea. And that that is all run with things like the IME, the Intel Management Engine on, on Intel chips. That's kind of the, the, the magic, the secret sauce that, that makes that key exchange, that kind of blind key exchange happen.

Dan Middleton (00:12:19):
Yeah. So there's different implementations across different vendors, but the thing that's really attractive for people, I think, with the, the virtual machines is with cloud computing mm-hmm. <Affirmative>. So if you don't want to trust that Azure, who's administering the host Sure. and operating the virtual machine monitor, that they're not going to get into your workload, or probably more realistically that you don't trust that another tenant on that same host isn't gonna find a way to read into your workload mm-hmm. <Affirmative>, that's where, that's where these VM isolation technologies are really popular.

Jonathan Bennett (00:12:56):
Okay. Now to get to the real meat of what I wanted to ask about, with all of this, how does that work with open source? How do you make that, that trusted segment open mm-hmm. <Affirmative> and how do you make it open in the way that we normally think of it being open, where like the end users can get in and poke around? It almost seems like these are two diametrically opposed goals for it to be, you know, secret and secure and nobody can touch it, and also open in the way we think of open source.

Dan Middleton (00:13:26):
There's so many answers to that. So I, I love that question, <laugh>. So, you know, one is just Kerckhoffs's principle, which you do not want the security of a system to depend on its own secrecy. You want somebody to be able to go in and inspect how something is created and then not, you know, not destroy the security of that system just because they've been able to look inside. You wanna still be able to rely upon it. Another answer to that question is that it has to be open source, and it has to be open source because of Linux. If you want a feature to be adopted in the world today, you wanna make sure that that gets upstreamed in Linux. And Linux just kind of forces you to at least make some portion of what you're doing transparent. And then over and above that, we recognize the need for, for all those software layers that are in between the CPU instructions that we're creating and what end users want to do with it. There's a lot of layers of software and we want all that to be transparent. So we created this open source organization called the Confidential Computing Consortium.

Jonathan Bennett (00:14:43):
And I guess one of the things that I'm, I'm kind of really curious, curious about and really getting at is, you know, on a, say on a cell phone, this happens to be a, an Android phone, but it has sort of the same problem as the Apple phones do. And that is, there are certain things that, you know, if you want to do on this phone, like get root on it, you're just not allowed to do that without a security vulnerability. And that is in the name of keeping things secure. And what's, why is it that we're talking about this in an open source way, and I'm assuming in a way where we can actually get root on our machines, that's sort of a necessity for doing administration. And over on the mobile side, you can't. It seems like there's a, something of a disconnect about how, how much we're trusting the user. I'm not sure if that question came out right, but I, I'm still very curious about how this works.

Dan Middleton (00:15:41):
Yeah. I like to think of, of what we do with Confidential Computing as being very user oriented. I want to control my workload regardless of whose machine it's running on. Mm-Hmm. <affirmative>. So if I choose to outsource something to the cloud, I don't want to diminish its security properties. If I want to keep it inside my own data center, I also wanna be protected from insider threats. But as the data owner or as the workload owner, I wanna be able to have guarantees about what is what is happening with my code and my data.

Jonathan Bennett (00:16:23):
Now there's honestly, there's still some black box sort of magic technology. I, I use the term magic sarcastically, of course. Yeah. But there's still some black box tech that's going on here. Right. But, so for example, modern x86 chips don't actually run with the x86 architecture. They emulate it because we're so far down the rabbit hole of, you know, trying to get more and more instructions per clock cycle. And so you've got, you've got kind of that x86 layer of abstraction, and everything above that we can make open, but there's still a lot below that that's closed that we really can't take a look at. And I'm just curious is, is there a, is there a game plan to make some of that more open to be able to, to trust this even more?

Dan Middleton (00:17:10):
So there's definitely proprietary stuff when you get down into microcode. And, and some of that is less about keeping things secret and more about just the practicalities of it. But then you look at something like RISC-V, so RISC-V, fully open architecture, and they participate directly in the open source consortium that we have, the Confidential Computing Consortium.

Jonathan Bennett (00:17:36):
Yeah. And it's, it's, it's worth pointing out, I don't know if you will or not, but it's worth pointing out that man, Intel has actually become quite a player in the RISC-V world. And if, if I remember correctly, most Intel chips actually have a little tiny RISC-V co-processor inside of them. So, I mean, kudos to you guys for <laugh> for helping that world come along and, and do some sponsorship there. And I, I'm excited to see where, where that entire thing goes.

Dan Middleton (00:18:03):
Yeah, you and me both. I've got friends now who are working on RISC-V that I used to work with at Intel, and we're always excited to see them come present. So we, we do tech talks, usually we meet every other week in the consortium for a, a technical body. And we, we tend to allocate a, like a half hour tech talk. And one of our recurring topics is our, our colleagues over in RISC-V come in to give us an update on how they've progressed with their plans for Confidential Computing.

Doc Searls (00:18:35):
So I, I have a question around the name or the term Confidential Computing. And I, in your briefing you abbreviated CoCo, C-O-C-O, is it, is it colloquially called that internally because it's only two syllables and easier to write?

Dan Middleton (00:18:53):
Oh my gosh. How much time will I get back from my life if I no longer have to say Confidential Computing Consortium <laugh> 20 times an hour <laugh>? So people abbreviate things different ways. So we say the CCC instead of the, for the, the open source organization name. And then there is a project over in CNCF that I'm also a maintainer on that we call CoCo. And that's short actually for Confidential Containers.

Doc Searls (00:19:20):
And CNCF is Cloud Native Computing Foundation. Right. Which is, yes, thank you. One of the four or 500 <laugh> foundations that are within the Linux Foundation, it seems like to me <laugh>, but it's a big one. I, I'm actually, it's pretty familiar with the CNCF. Yeah. I've hung out with that. It's and

Dan Middleton (00:19:39):
Yeah, and then if you actually dig into the, the, the Linux kernel where some of the code for across architectures comes in, they've abbreviated that CoCo. So CoCo can be abbreviations of different things. To avoid ambiguity, I usually still suffer through saying Confidential Computing <laugh>.

Doc Searls (00:20:00):
So, so when did the, when did the, that expression show up? Confidential Computing, cuz it's actually, this is the first time we've done it on this show as far as I know. And we've been around for like 15, 16 years. So

Dan Middleton (00:20:13):
Yeah, I think it's still a relatively new term. When we brought SGX out, we talked about secure enclaves a lot. Apple had a different definition of, of enclaves, so it, it might have been Microsoft that coined the term, but the, the consortium that we came together with, with all the, the companies and, and independent people that were working on this technology, that came around just at the very end of 2019.

Doc Searls (00:20:40):
So, okay. So, so tell us about attestation, because I have a follow-up question on that, that mm-hmm. <Affirmative> does touch on some things that we're, we've had guests on before about. What, what do you mean exactly by attestation? And, and I mean, I imagine that's, you need to know what's going on, obviously, but it's about validating that, I suppose. Yeah.

Dan Middleton (00:21:02):
Attestation is, is a central concept to Confidential Computing. It is one of the coolest parts of it, I'd say, for like the developers and the audience. If you're listening to this podcast, it's probably because you like creating things. And attestation is this new building block that you get with Confidential Computing. So if you get excited for having a new kind of Lego that you've never gotten to work with before, attestation is your new Lego. And what it is, is the ability to remotely identify your code. So there's much more technical, precise definitions of it, but when your browser, like, like you wanna go to your, your bank website, you check that little lock box in your browser because your browser has remotely identified your bank, identified it through a certificate that sits on that computer that you're talking to. Attestation goes another degree.

(00:22:06):
It's gonna go identify not just some certificate that's sitting on a host somewhere. It's gonna go identify your code. When Confidential Computing launches your application or your virtual machine, it's gonna take a cryptographic hash or a fingerprint of that code as it is put into memory. And then Confidential Computing signs that, the components within that host that, that you trust, it's gonna sign that measurement, that identity of your code, and send it to you. Well, you'll, you'll ask for it and you'll get that, that signed attestation of, oh, this is the code that's running. It's not the code that was shipped to the box, it was the code that is actually running in memory now.

Doc Searls (00:22:53):
Okay. Does this add a layer of complexity that some developers might not want to deal with? I'm purely guessing that cause I'm not a developer myself,

Dan Middleton (00:23:03):
But yeah. So there's, there's two sides. It's always

Doc Searls (00:23:05):
A coin a pain, right? But yeah, I mean, it's a new kinda security. So,

Dan Middleton (00:23:10):
Yeah. So there's two sides of the coin. One is this gives me a new building block to play with because I can actually add fields into my request to that system. And you can come up with new interesting protocols. My first foray into this work was with a blockchain protocol called PoET. And so we all know that, well, people who have been exposed to blockchain know that, that proof of work was this really expensive energy-wasting thing. But if you used trusted execution, you could get what was the, the heart of proof of work is a fair random number. You could just do that in an enclave without spending a bunch of energy. But the way that you did that was to build an attestation-based protocol. So there's fun things that you can do with this tech, but it's true that, you know, security and any sort of additional thing that you have to do can be difficult.

(00:24:09):
So on that side of the spectrum, we've worked with existing protocols like Transport Layer Security, and there is a version of that called Remote Attestation TLS, and that's already written for you. And if you go to the Confidential Computing Consortium's website in our blog area, you'll even see a fairly recent post about that. And it's sort of one of the nice stories for me of open source is that we had different companies independently implement this protocol that came out of a research paper. And those protocols, then they couldn't, you know, they were never standardized, so they couldn't interoperate. So by collaborating together in open source, we said, all right, you're using this magic number. I'm using that magic number. It's not hard for any of us to just agree on one magic number for the protocol. And now three or four different implementations of Remote Attestation TLS, RA-TLS, these, they now interoperate. And you don't really have to do anything special. You just get to use the protocol like you normally would.

Jonathan Bennett (00:25:18):
So that's really interesting. We mentioned at the top of the show Doctorow's book, which I've been enjoying, sort of a two-way attestation is his McGuffin. And that is the way that a fictional cryptocurrency is built. Everybody's got some device that can do essentially trusted computing. And if you can do this two-way attestation, then you don't have to have proof of work or proof of stake. You can just do attestation as your proof of your cryptocurrency. It's a really interesting idea that, I don't know, may have some legs, we'll see if somebody actually tries to build it in the real world. But, and we've got, we've got a bunch more questions, a bunch more stuff to cover. Real quick though, I want to talk about Club TWiT and, and of course some other things that happen on Club TWiT.

(00:26:02):
So Club TWiT is one of the best ways that you, our listeners, can support the network. It is just about as much as a cup of coffee a month, $7 a month, and it gets you access to ad-free shows, gets you access to the members-only Discord. But the thing that I think is the neatest is, is it gets you access to the secret shows. We've got some shows that we just don't tell everybody about. We've got Hands-On Mac, Hands-On Windows, and my show, the Untitled Linux Show, we record on Saturdays. And it is a lot of fun. And you can get into the Club with Club TWiT and access those shows. It is a blast, is a lot of fun. And you need to be there. We hope to see you at Club TWiT. All right. And now I, I want to ask a couple more questions about this. So one of the, we talked about attestation. I wanna talk about Gramine, and not the, not the element, not, not the compound Gramine, but the Project Gramine, and this is, it's unikernels, right? Is that what this is about?

Dan Middleton (00:27:06):
Yeah, so there's a lot of interrelated terms. Some people call it a library OS or a unikernel. But you, you even brought up earlier, like often there's the need for a separate operating system mm-hmm. <Affirmative> in this trusted world, right? To be able to facilitate program execution. And that's, that's what Gramine brings. So if you wanted to develop your, your program with the most precise level of security control, you would use one of our SDK projects like the Open Enclave SDK. But if you just want to take code that you already have and throw it into an enclave and still have more control than throwing it into a trusted virtual machine, you use something like Gramine. And Gramine has sort of a tiny operating system within it. They've intercepted the system calls that would normally call out of the trusted space into your real operating system, and they implement those in a secure way. They've done like a, a bottom-up implementation of the most important system calls.

Jonathan Bennett (00:28:15):
So there was a, there was a set of patches posted back a couple of months ago to the Linux kernel that I thought was really neat. And of course, the Linux kernel devs shot it down as being a terrible idea. But it was the same idea that, well, what if we took some user space code, actually put it in kernel space, and then you could run this, this thing, this kind of Frankenstein Linux kernel that also, you know, has Apache built into it or, or has <laugh> has, has your database software built into it? And I immediately thought of, oh my goodness, that would be amazing for running VMs because it would theoretically run so much more efficiently. And it sounds like this is what you guys are doing. Do you know, is that related to that? And I can't remember who sent the patch in <laugh>, but is that related to that kernel patch? Is this something that's been pitched to the kernel devs, or is this kind of, its, its own project that lives off to the side?

Dan Middleton (00:29:07):
It's probably, it's more, it, it's its own project off to the side. So there's a few different library OSs out there. In fact, even within the CCC, besides Gramine, we have another project called Occlum. And that's a different implementation of a library OS, and that's, that's more of a, you know, they've got a Rust-based implementation. So if you like Rust, that's a good project to go check out. But there's a few of them out there.

Jonathan Bennett (00:29:34):
Yeah. It always seems to me that that's a neat idea, though. You know, if we're, if we're using virtual machines for separation of privilege and, you know, to try to keep that firewall up between our different applications, but you want some of those things to be able to run at full speed, particularly if you're like only doing one thing on a virtual machine, there's a lot of overhead there. And, and trying to come up with a, well, essentially that unikernel idea in a way that's actually trusted, that just, it seems to me to be a, a, you know, a home run if, if, if we could make it work.

Dan Middleton (00:30:08):
Absolutely. I think we'll see a lot of innovation in the, in like the guest kernel space. The more people want to use trusted execution with, with guests up in cloud hosts, the more people wanna skinny down what is inside that guest. At Intel, we've been contributing to guest kernel hardening. So if we know that a guest is being built for running inside Confidential Computing, it doesn't need to have a whole bunch of extraneous attack surface. So we're, we're trying to do what we can to help harden what's there and remove what doesn't need to be there.

Jonathan Bennett (00:30:45):
Yeah. So we actually have a question from the chat room that I thought was a pretty good one. And it, it goes back a topic, it goes back to attestation, but is that, is that runtime code signatures? Which we've, you know, we've had in Windows for, for forever. It's, it's essentially code signing by the developer, like, like a runtime code signature is, right?

Dan Middleton (00:31:04):
Yeah. And I love questions on attestation because it is such a big topic for us mm-hmm. <Affirmative> but it is what was loaded into memory. So it is explicitly at runtime.

Jonathan Bennett (00:31:16):
Okay. And so, boy, I'm gonna ask a follow up question on attestation then. Cuz that means every time a library updates, so when, when, when you look at code on the web, libraries update all the time, sometimes automatically, because, you know, every time you, you load a page, you're loading these JavaScript libraries from all across the web, and a lot of times they get updated automatically. Boy, code signing and key management for that sounds like a nightmare. How do <laugh>, how do you deal? How do you deal with that?

Dan Middleton (00:31:49):
Yeah, so dependency trees are gonna be a problem for everybody. If you put garbage into an enclave, you still have garbage in an enclave. Yeah, <laugh>.

(00:32:01):
But there, there's another facet of, of runtime, and that was one of these building block ideas that I didn't go all the way through. And so you've, you've loaded your code in memory, you've gotten the hash of that, so you've got the cryptographic identity of it, but then now in runtime, you can also interact with it. So if I wanna send a trusted input into my program and I will get a trusted output from it, now the output of my application is also attested. So it's not just at launch time, I wanna know if this is a clean environment before I go interact with it. It's, I can produce something that has a cryptographic aspect to it that I can then use for some other purpose that other people can trust because it comes attached to an attestation.

Jonathan Bennett (00:32:52):
All right. So I'm gonna ask you about something that I know you don't want to hear about because you work at Intel, and I just know that this is considered a curse word at Intel. What about Spectre and the other

Dan Middleton (00:33:09):
Melt meltdown?

Jonathan Bennett (00:33:10):
Yes. Yes. Meltdown. I'm trying to, I'm trying to come up with the, the more broad term speculative execution vulnerabilities. Yeah. How does that, what's the overlap between those and trusted execution? Is there, is there a piece of, of Coco that kind of deals with that?

Dan Middleton (00:33:29):
So, so yes and no. It, we have a, a white paper in the CCC that it's it's called a technical analysis of, of Confidential Computing. And we've got a section in there about side channel attacks. So side channel attacks generally are difficult. The responsibility to protect against those goes both to the developer, the Confidential Computing provider. It touches a lot of different surfaces. So if I overextend my analogy, maybe with, with the states of data as solid liquid gas, all right, well, there's a plasma phase too. And that's these side channels that come off. If you have a non-constant time cryptographic operation, and you have a way to monitor power fluctuations or, or any of the other common side channels, you, you can still discover things that are inside an enclave. So the level of effort that you put into what goes in the enclave has to be commensurate with a level of trust or sensitivity of what you are gonna be operating that for.

Doc Searls (00:34:44):
So, so I have some questions about how the CCC and Coco <laugh> promulgate in the world. I was trying to figure, I was looking at your about page here, and and now I've lost it. What I, where I was looking, what Yeah. The exact thing. But there, you, you, you have Intel, Meta, Microsoft, AMD, Arm these are not herding animals. They, they are not built to get along. They're built to compete for the most part. And, and how do you, how do you do governance? How does governance emerge out of this? Because I know, I mean, this is one area where I actually am involved with the, with the Ostrom Workshop at Indiana University, which is where I hang out about ha at least half the time. That's all about how governance emerges from groups getting together, working on common goals. But it, it seems that you don't have that worked out yet. So how does that work? I mean, how did, how do you find the, the common ground where you're working together on something?

Dan Middleton (00:35:43):
Yeah. And, and this is one of the things that I absolutely love about open source. So, so Doc, you're, you've had an entire career in open source for me, it was the second half of my career. So the first half of my career was I got to work with the best experts some of the best experts in the world within Intel, but on things that I might never be able to talk about out here in Open Source. Not only do I get to talk about them, but I'm interacting with, with people, like you said, that are direct competitors. So by having the, the, the legal structure of a consortium, we get to operate in the open together, and it encourages us to work on things that we shouldn't keep secret. And we've got, as you observed, direct contributions from all of these competing and cooperating companies. And it's all through the magic of open source.

Doc Searls (00:36:47):
So we have a question over here. Are we approaching an API that works on multiple platforms? Is that a,

Dan Middleton (00:36:54):
That's probably one of, one of the evolutions. What, so when I think about like what we do in the Confidential Computing Consortium, it's it's, it's Soylent Green <laugh>, right?

Doc Searls (00:37:12):
It's people. Exactly.

Dan Middleton (00:37:14):
So I want people to be able to come to work with us in open source, because open source isn't necessarily about the code or the APIs, it's about the people. And we really don't think that much about I'm, I'm working with Thomas, and Thomas is at Arm, so I gotta be careful about what I say to Thomas. Thomas is a great guy. I know him now from interacting with him. And we just have nice chats in say for example, the Attestation SIG. So besides the projects that we've constructed under the, the umbrella of the consortium, we also have a couple of special interest groups. So if you wanna learn more about attestation, you can show up to our SIG and we record our meetings. I think we've probably got a college semester of material there. It might even be too much to just land there and, and try to find something of interest. But there's, there's good material there and there's good people to interact with, and we want everybody to be able to join us. So if you're, if you're listening to this right now and you're like, well, I've never really been involved with open source before, we want you to come over to the Confidential Computing Consortium because there's different ways for you to interact there.

Doc Searls (00:38:30):
And as for individuals there, I assume, I mean, it, it, I don't, Linux Foundation itself is an industry association. But, but individuals can join this thing and, and be part of it.

Dan Middleton (00:38:43):
Absolutely. So we, we've been talking about these big companies, but you can have just as much of a contribution by coming in as an unaffiliated person. It's not as though we check a brand when you try to enter the door, literally everybody is welcome and in a lot of different capacities. So we always think about code, of course, with open source, and more and more people recognize the importance of documentation. But like, if I could ask for help with one thing right now, it would be with a picture. We tried to put a picture on the front of the consortium's website that depicted what Confidential Computing is, and it confused people. So we immediately took it back down within days

Doc Searls (00:39:31):
<Laugh>.

Dan Middleton (00:39:32):
And so, you know, if you are a good developer, please come. If you're a bad developer, come, we'll help you get better <laugh>. But if you are a good communicator, technical documentation is the most underserved part of any open source project. And I think even within that, if you look for, you know, a picture is what, it's two kilobytes. It's, you know, it's a thousand words. There's a little math joke there, but mm-hmm. <Affirmative>, the if you could help us express what Confidential Computing is with a picture, that would be a huge contribution. And it's one you don't even need to know how to program to make

Doc Searls (00:40:12):
<Laugh>. That's interesting. To want a picture for something. I, I, I work, I mean, my own personal focus is on, on economics and on customers. There is not a symbol for a customer <laugh>. The men's and ladies' room symbols are the closest we have for symbols for a customer. That, and a shopping cart, <laugh>. That's pretty much it. Okay. So Dan and another three-letter initialism I see here is TEE for Trusted Execution Environment with the emphasis on the execution, I suppose. And is that, is that a common expression yet, or are you looking for that, I mean, is and sort of evangelizing what you're doing? Is that yet another thing that we want people to be talking about? So it rolls off their tongue as tea, and it doesn't mean golf <laugh> in, in in a couple years.

Dan Middleton (00:40:59):
Yeah. Yeah. You'd think we get paid by the amount of acronyms we can generate <laugh>, but trusted execution environment is that special part of the architecture where your code is gonna run. Sometimes we also use it informally to mean everything that is running in the TCB for that other a that other acronym within the Trusted Computing Base. But we specifically specified that we wanted a hardware based trusted execution environment. Mm-Hmm. <affirmative>. So you can find things that are sort of based a, a loose extension of that would be virtual TPMs. So you see virtual TPMs more and more in in, in cloud environments. So you've got like a, a virtual machine, and because it's not a physical machine, you don't have a physical TPM, so maybe you have a virtual TPM. And the TPM is, is this tamper resistant chip that you would put on the board. And it's in probably most computers now. But we wanted to make sure that we were specifying something that was very difficult to very difficult for an attacker to get at. So that's why we have hardware-based trusted execution environments.

Doc Searls (00:42:16):
So a TPM is a trusted platform module, yet another <laugh>, TLA <laugh>. Yes. And, and then there's the Trusted Computing Group, TCG. And how does that relate to the CCC, which <laugh>? <Laugh>?

Dan Middleton (00:42:32):
Yeah. So the TCG is a standards body yeah. And they're most closely associated with those trusted platform modules. But they also produce standards that are, that are interrelated. IETF if you wanna throw, we get another acronym that's another standards body <laugh>.

Doc Searls (00:42:51):
Most of, I think most of the listeners know what that is, the Internet Engineering Task Force, but yeah. Yeah. So loose consensus and running code, right? Mm-Hmm.

Dan Middleton (00:43:00):
<Affirmative>. Yeah. So we, we have something there called RATS, which isn't so much an acronym as a compression of words for remote attestation. But some of the concepts between remote attestation you can find there. So we, what we try to do as an open source group is interact with these standards groups, interact with other industry groups interact with things like the Homomorphic encryption organization other sort of related technologies, because all these things are better together.

Doc Searls (00:43:33):
I'm wondering if it's possible to belong to, is there a limit to the number of different Linux Foundation foundations that one can belong to <laugh>? I actually, myself joined the OpenWallet Foundation and <laugh>. So, and we've had them on the show too. <Laugh>

Dan Middleton (00:43:50):
<Laugh>. So here's your, your little hack for the day is that you don't have to be a member of any of these Linux Foundation organizations to be a contributor. It's, you don't need to go sign a membership agreement. You can just show up. So if you wanna learn, you can come sit in on one of our technical council meetings. You can listen to recordings, you can read what we've got up on our webpage, and you can just go directly to a project and try to interact with those project communities.

Doc Searls (00:44:21):
Yeah. <laugh>. So I'm gonna pause here for a second cuz I think we lost Jonathan. Yep. I'm hearing we did. I'm not hearing Jonathan. So, so hold

Speaker 5 (00:44:36):
On.

Doc Searls (00:44:37):
Yeah.

Speaker 5 (00:44:42):
Pause the stop watch

Doc Searls (00:44:47):
<Laugh>. I don't know why. Dealing with my mustache, interfering with my nose hairs at the moment. <Laugh> these things. Ha these things happen. <Laugh>. Maybe that's what happened in Jonathan. I wonder you're gonna actually have lost him, which is I

Speaker 5 (00:45:06):
See him in the meeting, but can you let him know in the IRC I'm gonna kick him out of it.

Doc Searls (00:45:13):
Okay. Says you can finish without me. Power is gone. Gone. Wow. Wow. Okay. All right. So <laugh>, I'll come back and explain his unex, explain his absence, because the things happen.

Speaker 5 (00:45:31):
All right. The mic. Here we go.

Doc Searls (00:45:34):
Okay,

(00:45:37):
<laugh>. So just to, to bookmark this we have actually lost Jonathan cuz he lost power in in Oklahoma. He's had a problem with this earlier and I can't blame that on his kids, I guess. But it's probably just, it's just that kind of stuff. So so I, I'm wondering, because we have the Linux Foundation, it's kind of a bigger and bigger topic in, in the sense that it comes up more and more often. So I wanna understand more about how the, the overall ecosystem works there. And, and also, well, I have another question to follow that. So I'm wondering is, is there much play between them? Is there like a, the equivalent of a Slack channel behind all of it where you can cross-fertilize, or just all of them are independent enough that mm-hmm. <Affirmative> that, that doesn't matter?

Dan Middleton (00:46:30):
A little of both. So we have an objective in the Confidential Computing Consortium this year that those of us that are on the, essentially the steering committee for it, we want to, we wanna be very cognizant about what we're doing, very directed what with what we're doing. And one of those things is to do more cross-pollination. I happen to be also a maintainer on a CNCF project, the CoCo project that you mentioned. There's no direct connection between Confidential Computing and the, between the consortium and the CNCF, but we've got people who are doing projects in both spaces. And that goes for other parts of the Linux Foundation. So there's also an interesting, also relatively young project called the Open Source Security Foundation, OpenSSF. And we've got contributors that, that go between the two of those. So right now, I would say that stitching together the fabric across these Linux Foundation projects is, again, people more so than tools, more so than, you know, any particular medium. But we've got people that go between them and wherever we can, we can forge those connections. Usually something interesting arises from it

Doc Searls (00:47:52):
Is is the OpenSSF the one that Brian Behlendorf went to from Hyperledger? Is that Yeah. Or is that a different one? Okay. Nope,

Dan Middleton (00:47:58):
That's the one.

Doc Searls (00:47:59):
Yeah, we've had Brian on the show too. He's a one of, when he is a star in, in, in his own right. Anyway I'm wondering about industries and verticals. When I went to the the CNCF gathering in San Jose a few years ago, I, and I'm thinking cloud native. Okay, cool. This is interesting. Cloud native, and I found out that mostly action was actually about cellular telephony. It was all about getting local storage as 5G rolled out. Now that may, that was several years ago. That may have changed. And, and I'm wondering if with, with, with Confidential Computing, if this appeals to a particular vertical of some kind or a collection of verticals that, like, what, what is a typical environment? If you want a trusted execution environment, what is a typical place that's going to go?

Dan Middleton (00:48:54):
That is a really good question. So it, it goes across, it, it, it probably has most affinity to verticals that are already sensitive about security. So the financial sector they are under different compliance obligations to protect their customers' data. So healthcare would be another one. So there's again some compliance requirements underneath their interest. Blockchain, there's no compliance requirements, but again, there's, there's the opportunity to do something new with security that helps address unique requirements. And then another one would be AI. And this is, you know, you can't have a conversation now without talking about AI. If you go into the Gramine project, there's a contribute repository where where people can put things that they've customized so that they know that it works well with Gramine. In there you will see Redis and PyTorch, and if you're involved in AI, those things probably those things mean something to you.

(00:50:04):
Sorry, I said Redis, but PyTorch, and TensorFlow. We also have Redis in there. And MySQL and, and a few other, and a few other things. But the, one of the use cases that comes up for AI is how can I, in a safe way, send my data in to be processed with a bunch of other people's data? So if Doc is operating a service and he's gonna let people send data in, and it's gonna get mixed together and enhance the learning model, is Doc gonna sit there and look at everybody's medical information, everybody's financial information, you can launch a Confidential Computing environment so that even though Doc's running the service, he doesn't get to look inside. So it gives people a trustworthy way that they can send private information into either developed learning models or be processed within already trained models.

Doc Searls (00:51:08):
So I have a, a question about provenance. So you talked about at attestation earlier mm-hmm. <Affirmative>, provenance is a term that's come up more often in some of our recent shows. And just in the, in something you hear in the water as it were, does it show up with you guys as well as a, as sort of a, as a cousin of attestation?

Dan Middleton (00:51:30):
It does, and I think this is another one of these areas where it's yet to be developed, and it's an exciting place to be able to come up with something that people haven't defined yet. So we hear a lot about with provenance software bill of materials, where did these bits come from? Were they properly built? Was there something injected along the way, like with SolarWinds with that attack? And so my thinking is that with attestation, you can kind of bookend that entire supply chain. You can identify this was the code that was built 10 days ago on, you know, a server in California, and now that code based on its cryptographic identity is the code that's now being run in Helsinki on some server that you don't have control of.

Doc Searls (00:52:24):
So you, you brought up AI and I lately like I think I, I I, I don't wanna get this wrong, but I think somebody at OpenAI may have been somewhere else, said that we, that while they're very pro open source, and as much as they can be open, they can be pro about, they really see open source development as a threat with AI of some kind. And I'm wondering what your thoughts are about that, because I think this is gonna be a gigantic topic in, in development circles over the next coming year, year, or a few.

Dan Middleton (00:52:59):
Yeah. So Intel is really interested in democratizing AI. And maybe one of the ways that that happens is making training models more accessible to more people. And something like Confidential Computing lets people train their own models and still protect them. So it might still be kind of closed source in the sense of, I don't want this model that I have invested in. I don't want to make that widely available. But it does something with the economics where now it's not just one or two or three giant companies that control the most important models. It's more accessible for more companies to create more models without the same sort of economic risk and economic investment.

Doc Searls (00:53:50):
So there's, so Jonathan was talking earlier about his Android and situation with that. I, I have here an iPhone and mm-hmm. <Affirmative>, I wouldn't call it a trusted computing environment. I'd call it a trust me computing environment. Okay. Apple saying, trust us, trust me, I'm Apple, I'm out to help you. I don't have an interest in advertising to you except on our own stuff as it were. But on the other hand, I tend to think that, and I wrote a piece of literature a long time ago about this, that if your privacy in the hands of somebody else, you don't have any. And, and I'm wondering if there's hope in the future that a trusted computing environment is part of what you get with every phone. I mean, these are extensions of ourselves now. And you know, you can't go anywhere without your rectangle in your pocket.

(00:54:44):
That is an extension of yourself, but it's not yours. It belongs to Apple or Google in, that's pretty much the world we're in right now. And the open source alternatives, like for Purism are, are pretty rare. You have to be a hardcore geek to want one. And, but that was worth having. We're at the mercy as it were, and I'm wondering if there's hope in what's going on with, with your work with the CCC <laugh> and, and the long list of two and three letter acronyms. What the, you know, is, is there hope for that?

Dan Middleton (00:55:21):
Yeah. and I hadn't thought about it in that way before, but n and you don't even need a trusted execution environment on your phone in order for this to be beneficial, because in reality, most of the data that's on your phone is only temporarily resident on your phone. Most of the time it's gonna be up in a cloud server somewhere. So that's where a lot of the Confidential Computing technologies are being deployed. So to the extent that your data, well, temporarily resident on your phone is gonna be resident in the cloud somewhere the benefits of Confidential Computing can be realized through that aspect of it.

Doc Searls (00:56:04):
<Laugh>, just Jonathan has reappeared. So with new lighting, <laugh>,

Jonathan Bennett (00:56:09):
<Laugh> so yeah, I am in the middle of a power outage, interestingly enough, and I have some very nice battery backups. So I now have a cable running across the floor, <laugh> to get over to my camera and my microphone so that I can come back to you with, with some great lighting. Hey, I know we're really close to the end. There is a question I love to get in and I think it would be a great one to hear. Mm-Hmm. <affirmative>, with the Confidential Computing, what is the most unusual thing that you've seen someone do with this? What, what is the use case that someone has come up with that has the most surprised you?

Dan Middleton (00:56:45):
Oh my gosh, that's a tough question. I'm gonna pause for just a sec on that.

Jonathan Bennett (00:56:56):
<Laugh>. Great. The hard questions, <laugh>.

Dan Middleton (00:57:00):
So I, you know, I've, and I've kind of mentioned these because they were top of mind. PoET for me was one of the most interesting things because it didn't focus on confidentiality. So we call it Confidential Computing, but arguably we should have called it integrity computing. So in security we've got the CIA triad, confidentiality, integrity, and availability. Confidential Computing gives you the C and the I, and you have to compose the availability. So what this, this Proof of Elapsed Time protocol did was it helped compose availability sort of by road of being a consensus within a blockchain. But then what it really focused on was the integrity. I could trust the output of a program being run on every other blockchain participant's computer because they could not tamper with the program, they could not tamper with the output. And it had almost nothing to do with encryption or confidentiality. So, you know, if there was one really innovative thing I would say for Confidential Computing is don't think about the confidentiality, think about the integrity.

Doc Searls (00:58:16):
That's a good distinction. We are down to down at the end of this thing now, and we always close with two, two questions which are, what are your favorite text editor and scripting language?

Dan Middleton (00:58:28):
<Laugh>? So I have grudgingly come to love Vim over the years because I can just show up on somebody else's machine and I don't need to like re customize the environment for myself. Yeah.

Jonathan Bennett (00:58:40):
<Laugh>

Dan Middleton (00:58:41):
And Python is such a good thing, even for experienced programmers, but for new programmers, you can actually see what's happening with your code live. So I love Python, I love Vim.

Doc Searls (00:58:57):
I don't even know who did, who did the bell. I know that Jonathan's trying to defeat bells going off <laugh> when his power went off. It's like, and I'm looking at the ceiling thinking, oh no. Do we have a smoke detector here that's about to go crazy <laugh>? Because in this house they're all connected to each other. So turning off one does not turn off all the others, oh. Anyway, it's one of those, and of course it's smart. That's, that's why it does that <laugh>. It's smart. Yeah. Anyway it has been awesome having you on the show. Dan, we have to have you back to, to talk about how this progresses cuz it's a, it's, it's a, it, i it, it deserves to be a hot topic.

Dan Middleton (00:59:34):
I have loved being here and I would love to come back any other time.

Doc Searls (00:59:37):
It's great. So we'll see you then.

Dan Middleton (00:59:40):
All right. Thanks.

Doc Searls (00:59:41):
And, and <laugh> and Jonathan, you're, it looks, the screen behind you no longer says Hackaday on it. So my guesses says <laugh>, it's showing whatever, whatever default thing is set up for that.

Jonathan Bennett (00:59:56):
Yeah. Who knows? I think that's actually, that's the power outage. That's the power outage map behind me there. We're, we're in the, we're in the red. Yes, we're in the red. Meaning that we don't have power still. I didn't even think about that. I, that's in fact, the one screen works, the big TV is not on the battery backup. So it's, it's just interesting around here.

Doc Searls (01:00:14):
Anyway, confidential

Jonathan Bennett (01:00:16):
Computing I, I love that they're working on it with open source. It very fascinating stuff. I am, honestly, I'm looking forward to some, the, the different players coming together with sort of a a shared API that works with this. So, you know, ideally you could have a programmer just write their code once, use some API for trusted computing and be able to run it on an Intel box, an AMD box, an Arm box, a RISC-V box. You know, there's all these different places that it makes sense to, to have this sort of thing, you know, on Android and on iOS even too. It'd be, it would be great to get those two players in this ballgame too. But from what I understand right now, we're kind of having to, to piecemeal it and, and have different implementations for the different architectures. And so that seems to me like kind of a, a downer for, for, for really pushing this to the next level as far as, you know, making it available for everybody. But at the same time, you know, these extensions are in processors right now. You can go run an Intel server with encrypted VMs. You can go run an Arm server and do some encrypted stuff with trusted computing. And so there's, it's, it's out there and it's neat and I'm glad we got a chance to let people know about it.

Doc Searls (01:01:37):
Yeah. I, I, I, I love it too, for the, for the fact that they're, they're going about it with open source. I open source seems to me it is the, it is the way, the only way I think maybe that the world has to get along. We get, we depend on tech, tech is gonna utter, utterly, eventually rely on open source to, to work things out.

Jonathan Bennett (01:01:58):
Yeah. If you think about, you think about a technology like this, and there's no way anybody would trust it if it wasn't open, if we couldn't get into it and see what's going on on the inside. It's just, just, just, just there's, it's not trustworthy at all without that part.

Doc Searls (01:02:11):
And I, I noticed that and I don't really, I didn't look at the smaller names in it, but Apple is not in this one. And they're gigantic. And I, I think that that's the, you know, as I called it earlier, the trust be environment or trust them environment that that, and I think there's a, a coming conflict between two mentalities on that. Mm-Hmm. <affirmative> and yeah. And is showing on the video side of this thing, I don't see Apple in there. So it you could show more. Yeah, that's the page I was looking for earlier, general members. But yeah, but there's conspicuous by its absence I suppose. Especially as more, you know, more and more of us come to depend on that, on that company and that platform, it needs to be open, needs to happen. So, so you got stuff the promo there even though you can't show it in your background, <laugh>?

Jonathan Bennett (01:03:05):
No, I won't have, I won't have it in the background. I'm sure Angela had me covered though. So we mentioned Club TWiT and the Untitled Linux Show a lot of fun. But the other place you could find me is over at hackaday.com and we've got the security column there this week in security goes live every Saturday. I'm about to lose power. I better hurry. So li it goes live every Saturday and then yeah, look forward to the coverage of Dr. O's book coming soon as well. <Laugh>, I gotta go

Doc Searls (01:03:29):
Bye try. Gotta go, bye. His beeps going off. Oh my God. He's getting be played off by his own system. <Laugh>. And those you're not seeing as he walked off camera to go turn something off. Anyway, <laugh>, it's still going. Oh boy. Now that's how you end the show, Mr. Sir <laugh>, that's how we end the show. I I but before we go, we go off. I wanna promo next week. It is Greg Kroah-Hartman. He's back. He was here about six months ago. Greg is an alpha maintainer with with the Linux with the Linux kernel and, and an extremely interesting, entertaining and fun and useful guy to have on the show. We're really privileged to have him back. So there's Greg KH coming up next week. Until then, I'm Doc Searls. We'll see you then.

Jason Howell (01:04:23):
It's midweek and you really wanna know even more about the world of technology.

Mikah Sargent (01:04:27):
So you should check out Tech News Weekly. The show where we talk to and about the people making and breaking the tech news.

Jason Howell (01:04:33):
It's the biggest news. We talk with the people writing the stories that you're probably reading. We also talk between ourselves about the stories that are getting us even more excited about tech News this week.

Mikah Sargent (01:04:42):
So if you are excited, well then join us. Head to TWiT.tv/tnw to subscribe.
