Comment by eqvinox

Comment by eqvinox 5 hours ago

0 replies

A physical server can use all the same mechanisms a VM in a cloud can use (worst case, put your stuff in a single "confidential" VM), but it can also rely on physical control of the machine. And there is no longer a third-party cloud operator in a pre-privileged position to exploit VMM or CPU vulnerabilities.

It is essentially by definition more secure than a VM anywhere.

I wouldn't "fully" trust it without going on-prem, though. But trust isn't binary either: container < VM < hosted machine < on-prem machine. That's all there is to this.