zlacker

1. ece (OP) 2022-01-10 23:43:55
I think this is about securing data/keys (AES, TLS, TPM..) vs securing code (Secure Boot, TEEs..). Neither is really a threat to software freedom as I see it, as long as it's user controlled or can be rendered effectively inactive.

The thorniest question I think is around TEEs. You either trust ME/PSP/mobile TEEs for their explicitly mentioned uses (fTPM, SVM, remote attestation..) or you think they should be even more sandboxed or perhaps shouldn't exist at all. I'm all for the middle ground/option here where the user is in control, though others may disagree. Remote attestation could be a case where the user is losing control, so preserving user control there is important.
