zlacker

Everything needed to lock down your computer as much as a phone already exists, there's no need for a TPM or Pluton to do so.

>>mjg59+(OP)
There's a huge difference between "exists" and "is now commonly available and made easier to use". The frog-boiling is slow, but an increasingly large number of us are becoming aware of this new rise of corporate authoritarianism, and we know how it will end if we do not fight it as hard as we can.

>>userbi+t1
All Microsoft need to do to block other operating systems from PCs is change their policy around secure boot. All they need to do to prevent unsigned apps from running is change the default behaviour of Windows. The code exists. It's deployed. It's commonly available.

>>mjg59+Q1
They need to boil the frog slowly enough that most people won't realise until it's too late.

>>mjg59+Q1
Pluton will likely close OEM/firmware security holes that could be used to escape such policy.

>>userbi+r2
I don't think that analogy works here, since the things we're worried about are binary states. Either you can run arbitrary software, or you can not, etc.

>>mjg59+Q1
Yup, it's that close. I'm honestly happy there's an outrage ahead of releases of chips like that. Some systems did get secureboot locked down. Maybe we get the policy we got exactly because people are still outraged.

I'll take that any day over ms+Intel releasing a t2-equivalent + SB combo as required in all new certified laptops and people realising too late.

>>Karuna+S3
Perhaps a better analogy then is securing the noose around the neck of the prisoner, but not yet releasing the trapdoor.

>>transp+Y2
Via what mechanisms? Nothing we currently know about Pluton would enable it to do anything like that, as far as I can tell.

>>mjg59+v5
not much detail, but slide 12 claims: https://www.platformsecuritysummit.com/2019/speaker/seay/PSE...

> Pluton validates and boots Security Monitor

> Security Monitor validates and boots the Linux Kernel

> Application Signatures are verified by SM and Pluton before Linux Kernel loads an application

>>mjg59+(OP)
We want there to be less ways of doing that. The fact that one way already exists doesn't mean that we should be okay with more. The desired end goal is that eventually there's zero ways to do this, and we'll never get there if we keep moving in the wrong direction and justify it by not already being there.

>>transp+i8
This design still relies on prior stages of the boot process handing stuff over to Pluton - if there are vulnerabilities in the OEM firmware, they're still going to be exploitable in this model.

>>dane-p+U4
...and the people who work on "progressing" this technology are helping to make the nooses better and also putting them on their own necks. (I've used that analogy before. I think it's a great one.)

>>mjg59+(OP)
...no? How would MS force me to install an AGESA update that supposedly restricts me in booting unsigned code? That's where the newly announced remote attestation comes in.

On the other hand, on PCs with Pluton chips they can change their minds any second.

>>no_tim+wG
The described functionality of Pluton doesn't allow it to prevent you from booting unsigned code. Your system firmware would need to ask Pluton for permission, and if it doesn't do so then no number of Pluton firmware updates is going to make it able to prevent that.

>>mjg59+EI
On a second though, you are right. I mentally confused "not being able to boot unsigned code" and them being able to make booting unsigned code as useless as possible through attestation (possibly no internet, no DRM'd software, legally acquired or not)