New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Comments
Just wanted to say that @onidel has been great and we've migrated some of our production off-site stuff over to them.
Just using the Singapore and Amsterdam locations now. Particularly happy that they use @RoyaleHosting as an upstream in Amsterdam since we also use them for for DDoS protection of production stuff. Currently our WAF is hosted there with some backend stuff now with Onidel. Keeps things snappy.
I guess I should have checked this thread for coupons or something now that I've gotten 6 VMs with them and two block storage addons.
Me waiting for a HF-1 in SG
Good morning
I'm happy to announce Onidel now fully supports Measured Direct Boot with SEV-SNP in all locations where SEV-SNP is supported. This allows customers to verify the integrity of core system components (uefi/ovmf, kernel, kernel parameters and initramfs) enabling confidential computing workloads.
To make use of this feature, you'll need to enable SEV-SNP on your VM, then create an Unified Kernel Image (UKI) and upload it to our platform. This way the hash of UKI can be included in special OVMF section and later measured by the trusted AMD Secure Processor.
More details here:
https://kb.onidel.com/hc/kb/articles/1781997293-amd-sev_snp-expected-launch-measurement-verification
If you run into any issues, please ensure your guest OS/kernel supports SEV-SNP and if that doesn't solve the problem, then let us know via ticket.
Feedback regarding this feature is also very welcome
I thought the key was some kind of dildo.
What about implementing UKI upload via API? https://developers.onidel.com/ currently lacks this.
Thansk, I can finally store my goon stash sicurely
Thank you for pointing this out. We will add an API for uploading and managing uki kernel images soon.
This is awesome!
One small suggestion is that you may want to disclaim that it does not protect entirely against physical compromise, which is something a lot of users of confidential computing technology don't fully realize.
I fail to understand if this attack is DDR5-only or researchers just skipped DDR4?
It'll work with DDR4 too. In fact, DDR4 is probably easier since it runs at a lower speed. It'll work as long as the memory can be run with an interposer (which can be done with DDR5 all the way to SDR).
Oh yeah I completely missed the link to https://batteringram.eu/
It works with such a cheap interposer because you can configure even DDR5 to run at very low speeds. The BatteringRAM attack only works on DDR4, but could in theory be modified to support DDR5.
This attack does require cooperation with whoever is running the node, though. You can't just splice an interposer into a running system without interrupting it. But if you do have access to the system and root on the node, it allows you to bypass the protections that are supposed to ostensibly prevent anyone at all from accessing the guests unauthorized.
This has been implemented.
Using the API it's now possible to upload the UKI image, then attach the UKI to the VM (
action=attach-measured-boot).@oloke I think you are the first, public provider to implement this.
99% of people, I guess, don't know what that means unfortunatelly.
But it's great for security. And for free? Wow.
A few others have half-heartedly given the option to enable SEV-SNP, but never before with remote attestation correctly integrated (or integrated at all)! It's a wonderful feature.
When I say Onidel is production ready, the above is the solid proof for that.
Long live Onidel!
Next: server livefeed to protecc against physical attacc
@oloke a small comment - https://kb.onidel.com/hc/kb/articles/1781997293-amd-sev_snp-expected-launch-measurement-verification here is says 'Since most SEV-SNP supporting Linux distributions come with dracut initrd generator'...I am running ubuntu 24.04 installed from the template and dracut was not installed, so apt install dracut fixed. Maybe just add a small note in the same section about it.
I'm having bad eyes today or is this two dinos
Yes
Indeed, the switch to dracut by default on Ubuntu came in version 26.04.
Thank you for checking it also works on 24.04.
I added
dracutto the apt command in docs.Oh, I love checking things
Just saw the email about moving from Stripe to Paddle. Trying to understand if there’s implications of this section
Sort of reads to me as though the list price isn’t changing, and from 15 July 2026 tax is on top. Is that the case, or are older customers just going to see a different list price, and from 15 July the tax that was previously included in the price will be removed (lower list price, but neutral cost once we have tax added back at checkout).
Wondering if this is cost neutral…or should I make early renewals/load up some credit.
list price isn't changing - it was tax-inclusive, now it is tax-exclusive.
new customers will have tax added on top of the list price, depend on where the billing address is. AU is 10%, US is 0%, etc
existing customers, will not pay tax on top of the list price until 15 July
so it's better to make early renewals / topup credit now.
hope it makes sense
Yep makes sense, and how I read it. So unfortunately 10% price bump effectively (for me) with the GST.
Any GST for SG?
Change the address yesterday @Murv @oloke
me too - gonna load up one year's credit methinks
Hello, it's @Murv from 67 Totally Real St., Portland, OR
can you prepay an invoice or is that just cloud credit?