-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
Mullvad encrypted DNS is also available to all - whether paying for VPN services or not.
In addition they also support optional content blocking[1] via blocklists, just set the desired TLS/HTTPS DNS server.
[1] https://github.com/mullvad/dns-blocklists
More info about stboot is available here: https://www.system-transparency.org/
and here:https://git.glasklar.is/system-transparency/core/system-tran...
The second link talks about network boot mode and signature validation.
They have open sourced a good deal of the infrastructure:
https://github.com/mullvad/system-transparency
Okay, if we are switching the topic now to AMD's memory encryption, I'll bite, too.
First: Only Ryzen PRO or EPYC models support it, which kind of kicks out all mobile or laptop systems already. Then, only Zen3 CPUs work, because previous generations have a boot freeze bug, which wasn't fixed and upstream linux 5.15 as a result disabled the mem encrypt flag by default.
Second: Before you switch topic to SEV, that's only supported for EPYC models, see here [2]
Regarding attacks: At least AMD had an injection attack problem where SEV in EPYC 7xxx and 3xxx processors was confirmed to be affected without AMD confirming the vulnerability (yet...). It was a master thesis iirc from a guy in luebeck.
There are also known sidechannel attacks which void RAM encryption in practice, like Hertzbleed which used frequency scaling to decrypt ECDSA and PIKE SIDH (which is meanwhile known to be unsecure, at least for PIKE). [3]
Google also did an audit on Intel's TDX where they found bugs in loop boundaries, off by one errors and similar feasible attack methods (which haven't been published as a PoC yet, so I grant you that). [4]
So I would still argue that with these very narrow set of available processors (Intel Pro 13th generation for TME and EPYC 7xxx that have both SME and SEV) is highly limited in its availability and also not available for laptop hardware due to them being server CPUs.
Additionally there's been a lot of attack surfaces that have been proven to have access to SME or SEV stored keys in the CPU and there have been other sidechannel attacks which conceptionally are very unlikely to be fixed anytime soon.
So I would still argue that memory encryption in practice is unreliable.
[1] https://lists.freedesktop.org/archives/amd-gfx/2021-October/...
[2] https://github.com/AMDESE/AMDSEV/issues/1
[3] https://www.hertzbleed.com/
[4] https://services.google.com/fh/files/misc/intel_tdx_-_full_r...
Edit: found the AMD injection attack thesis:
[01] https://www.its.uni-luebeck.de/fileadmin/files/theses/MA_Luc...
Another attack on SEV, which was confirmed by others since the USENIX conference. Both of the techniques rely heavily on pattern matching to find the decryption oracles though, and around 16 bytes for their OpenSSH demonstrations.
[02] https://www.its.uni-luebeck.de/fileadmin/files/theses/MA_Luc...
[02]