Weekly Show 422: Hardware Supply Chains And Trusted Execution

Ethan Banks

Greg Ferro


In October 2018, Bloomberg published an article making unsubstantiated claims about a supply chain breach in servers.

The story, which Bloomberg stands by but is widely regarded as wrong, draws attention to a significant issue: our technology infrastructure is undergirded by a global supply chain that could be compromised by malicious actors.

This got me thinking about hardware secure enclaves such as:

  • Intel Trusted Execution Technology (Intel TXT)
  • Intel Software Guard Extensions (Intel SGX)
  • ARM Cryptoisland, which includes features for secure manufacturing, implemented as Cryptocell

Today’s show dives into issues around supply chain security and related technologies. My guests are Greg Shipley, Deputy Director at Cyber Reboot, an In-Q-Tel Lab; and Justin Wilder, Vice President at In-Q-Tel.

Our conversation aims to:

  • Provide a high-level overview of TXT, SGX, etc., and why they matter
  • Explore how the market has attempted to implement some of these approaches, what has worked, and what hasn’t
  • Examine what trusted execution or similar measures look like in the routing and switching world
  • Propose some ideas on how to move the whole thing forward

Sponsor: InterOptic

InterOptic offers high-performance, high-quality optics at a fraction of the cost. If you’re not doing optics correctly, you’re going to pay for it upfront (and then later too). Don’t be fooled by lesser optics. The difference between generic third-party and brand-equivalent optics matters. Go to InterOptic.com to learn more.

Sponsor: Cumulus Networks

By building innovative data center products with Linux, Cumulus offers unprecedented interoperability, agility and scale, and makes integrating your open source software with your proprietary software seamless and efficient. To learn more about Cumulus’ open source philosophy and contributions, head to cumulusnetworks.com/openpod.

Show Links:

Intel® Trusted Execution Technology (Intel® TXT) Overview – Intel

Intel® Software Guard Extensions (Intel® SGX) – Intel

Cryptoisland Family – ARM

Cyber Reboot

Cyber Reboot blog

Cyber Reboot on Twitter
