zlacker

>>gjsman+(OP)
The thing I fear the most with this is "proof that secure boot has never been disabled". This is just a way to brick your device from accessing services.

What if you government's tax service requires such proof? Or bank? I cannot count how many machines I booted on Linux to rescue a hard drive, or image it, or wipe it, or just to install linux on them. All those devices, boom, paperweight for regular personal use.

I hate it so much that Microsoft is alone in this. It's not because it's M$, it's because they're alone on it.

>>tuetuo+CI1
This is already a problem with SafetyNet hardware attestation on Android. Because it's so easy to implement on the app side, everything from banking apps to games is verifying the device is running a blessed system image with a locked bootloader and no root access (read: no access to general-purpose computing).

As a developer of a banking app, I do my best to avoid implementing this user-hostile crap, but not all developers are empowered to say "no" to this requirement and not all care. There is zero benefit to the user to block them from using your services, and I would argue the net benefit is negative to the service. Users aren't hacked via privilege escalation exploits, they are hacked by phishing, and they can be phished on a SafetyNet-compliant device just fine.

>>tadfis+vm2
I really appreciate knowing some devs are out there defending us from the banking app madness. I'd encourage you, given your position, to write a blog post about why device ownership is important and your experiences on how others should consider operating.