• 22 Posts
  • 82 Comments
Joined 1 year ago
cake
Cake day: August 29th, 2023

help-circle



  • This is a custom built mini PC, with a mini-ITX motherboard and an Intel N100 CPU. It gets powered by a power supply that I got from an old computer. Also, it needs no active cooling, just a heatsink. It almost never gets above 60°C.

    (and yes, it has no case).

    In it I run:

    • Jellyfin
    • All of the *arr stack
    • Pairdrop
    • My website
    • My personal Lemmy instance
    • Immich
    • Pi-Hole
    • Home Assistant
    • Grafana/Prometheus/Node-Exporter stack for monitoring


  • Oh, I missed the L1 in the title. Basically, all the decryption at L1 is happening inside a Trusted Execution Environment. This is a dedicated chip that does all encryption-decryption (among other things). This is why it is so difficult to extract the keys, because they don’t enter the CPU or are stored in RAM, because the dedicated chip handles all of these.

    So I don’t think you can find a guide about this, because if anyone has found even one exploit, they would be keeping it to ourselves, so that it doesn’t get patched.

    Although it is very difficult, I think the only real solution is to reverse engineer a TEE and find an exploit yourself.

    If you manage to do this, please let me know! I am happy to get updates about progress in this topic.





  • VitabytesDev@feddit.nlOPtoSelfhosted@lemmy.worldSelfhosted chat service
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 months ago

    I know, but for some reason my router does not let me access my domain (with duckdns) when connected to my network. So even if I get certs for the domain, I will not be able to access it. I have set up local DNS entries (with Pi-Hole) to point to my srrver, but I don’t know if it possible to get certs for that, since it is not a real domain.

    EDIT: Fixed it. (See reply for fix)