zlacker

[return to "The Dangers of Microsoft Pluton"]
1. metada+n[view] [source] 2022-07-26 03:50:24
>>gjsman+(OP)
Ew. Why are all the chip manufacturers going along with this stupid plan? I want to buy a processor and then own it and have it work in my best interests, not consume electricity and generatie heat enforcing draconian 3rd party DRM policies.
◧◩
2. Analem+u7[view] [source] 2022-07-26 05:10:37
>>metada+n
The conspiratorial answers here are emotionally satisfying, but ultimately wrong. The reason chip makers and OS vendors are adding this is customer demand, by which I mean enterprises. Companies want remote attestation and guaranteed-immutable OS images on their networks, and I honestly can't say I blame them. In a perfect world they could have it and we could somehow firewall it away from the consumer space entirely, but that's not going to happen.
◧◩◪
3. walter+H8[view] [source] 2022-07-26 05:21:29
>>Analem+u7
On-premise, open-source, customer-owned remote attestation servers are possible. Avoid outsourcing integrity verification to 3rd-party clouds.
◧◩◪◨
4. p_l+Dj[view] [source] 2022-07-26 07:01:15
>>walter+H8
Yes, they are possible... And they are implemented using all the evil things like Secure Boot, TPM, and Pluton.

MS remote attestation doesn't require remote cloud or anything like that, I recall it supporting air-gapped environment from the start (guess why, the top-price enterprise clients want that, including resigning windows with their own secure boot keys).

Disclaimer: for various reasons open source remote attestation in corporate is currently on my roadmap at work

[go to top]