MK-TME allows having memory encrypted at run time, and the platform TPM signs an attestation saying the memory was not altered.
Malicious code can't be injected at boot without breaking that TPM.
Subject to the huge caveat that the attacker does not have physical access. https://tee.fail/