zlacker

[parent] [thread] 3 comments
1. fleven+(OP)[view] [source] 2022-07-30 01:20:52
If I want to buy a device that can generate a proof I can share with others to increase their trust in me, you shouldn't be able to stop me. Implemented properly, these machines can still boot whatever custom software you want; you don't have to share the proof of what booted with anyone.
replies(2): >>grishk+s >>nulbyt+4P
2. grishk+s[view] [source] 2022-07-30 01:26:54
>>fleven+(OP)
I'm not saying that secure boot is inherently a bad idea. It's a good idea but only if all signing keys are treated equally. Right now, they aren't. AFAIK modern motherboards, those of them that use UEFI, come with Microsoft keys preloaded — and that preferential treatment is the part that's not okay. In an ideal world, all devices that support secure boot should come with a completely empty keystore so that you could either trust Microsoft keys or generate your own key pair and trust that. Possibly re-sign the Windows bootloader with it even.

It's much, much worse with mobile devices. You can re-lock the bootloader on a Pixel with your custom key, but you still can't touch TrustZone and you'll still get a warning on boot that it's not running an "official" OS build.

replies(1): >>mindsl+a01
3. nulbyt+4P[view] [source] 2022-07-30 13:28:41
>>fleven+(OP)
You are correct, but I think that misses the point: Neither you nor I should be forced to buy only devices that run specified software as determined by a third-party. You are making this out to be a choice, that if it's available and you want it, you should be able to buy it. However, the worry is not over a choice to buy such devices, but over a mandate that only such devices be available and no others.
◧◩
4. mindsl+a01[view] [source] [discussion] 2022-07-30 15:05:09
>>grishk+s
This logic works for software signing, but not remote attestation. For remote attestation, the "tamper-proof-ness" is the root of the trust chain, and the signing keys are individually baked into the specific piece of hardware and not controlled by a third party. You seem to be hoping that we can disrupt that chain of trust by having manufacturers not record the public keys associated with each piece of hardware (such that individuals could create their own signing keys on open hardware), but that's just not going to happen.
[go to top]