zlacker

[parent] [thread] 3 comments
1. mjg59+(OP)[view] [source] 2022-01-09 04:29:23
It sounds like they're using UEFI capsule updates for the firmware, so it'll actually be easy to perform the updates under other operating systems - Microsoft just won't have any mechanism to compel you to do so.
replies(2): >>shmerl+e >>userbi+tk
2. shmerl+e[view] [source] 2022-01-09 04:32:52
>>mjg59+(OP)
Then it won't be a big problem I guess.

Though having a blob firmware from MS embedded into the CPU itself feels kind of weird. A better way to do it was some third party handling it or requiring that firmware to be open source for example.

3. userbi+tk[view] [source] 2022-01-09 08:18:42
>>mjg59+(OP)
The "mechanism to compel you to do so" will be in the form of remote attestation, as some of the other comments here have mentioned.
replies(1): >>mjg59+2q
◧◩
4. mjg59+2q[view] [source] [discussion] 2022-01-09 09:18:55
>>userbi+tk
I don't think I understand your threat model here. In the dystopian remote attestation future, presumably nobody's going to grant you access unless you're running Windows, at which point Microsoft can impose arbitrary policies without needing to involve Pluton at all (all it would do in this case is verify that you're running Windows, and you can already make that determination using a traditional TPM). So under what circumstances would you find yourself unable to gain access to a remote resource unless you're willing to accept a firmware update that changes Pluton's behaviour in a user-hostile way?
[go to top]