zlacker

1. Showal+(OP) 2023-07-19 05:51:22
>6.1.1. Secure context only
>Web environment integrity MUST only be enabled in a secure context. This is to ensure that the website is not spoofed. Todo

Do they realize that you can use a custom certificate / patch the check routines? I don't think they quite realize what they are even suggesting.

replies(1): >>kevinc+X12
2. kevinc+X12 2023-07-19 17:47:17
>>Showal+(OP)
You are the one being naive. This will be a cryptographically signed stack from the TPM, to the bootloader, to the OS, to the browser. If you flip a single bit away from the "approved", that signature will fail.
replies(1): >>chii+7Cf
3. chii+7Cf 2023-07-24 02:51:51
>>kevinc+X12
This is why TPM should never have been allowed. It's a way for control to be removed from the user, even though they wholly own the physical machine!
replies(1): >>kevinc+Yng
4. kevinc+Yng 2023-07-24 10:27:17
>>chii+7Cf
I'm not sure about this. TPMs can provide valuable features such as non-brute-forceable disk encryption and other secret management, and secure boot can be valuable protection for your devices. The real problem here is that this is allowing a third party to verify what software you are running. Doing these things on my device by my choice is one thing. Having another party require that I am using a specific unmodified software stack is another.
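
The measured chain described in comment 2 and the third-party check described in comment 4, as an added example that is not part of the thread: each stage is folded into a TPM-style extend register, and a remote verifier accepts only a fresh, authentic quote over the one value it approved. Assumptions: the stage names, key and helper names are constructed, and an HMAC stands in for the asymmetric signature a real TPM makes with a hardware-held attestation key.

```python
import hashlib
import hmac

# Constructed sample data: stand-ins for the binaries of each boot stage.
APPROVED_STACK = [b"bootloader v1", b"os kernel v1", b"browser v1"]
KEY = b"constructed-demo-key"  # assumption: in a real TPM this key never leaves hardware


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_chain(components) -> bytes:
    """Fold every stage, in boot order, into a register that starts at zero."""
    pcr = bytes(32)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


def quote(key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """Stand-in for a TPM quote: authenticates the register plus the verifier's nonce."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()


def attest(stack, nonce: bytes):
    """Device side: measure what actually booted and quote the result."""
    pcr = measure_chain(stack)
    return pcr, quote(KEY, pcr, nonce)


def verify(key, approved_pcr, nonce, reported_pcr, sig) -> bool:
    """Verifier side: the quote must be authentic and fresh, and the reported
    measurement must equal the single approved value."""
    authentic = hmac.compare_digest(sig, quote(key, reported_pcr, nonce))
    return authentic and hmac.compare_digest(reported_pcr, approved_pcr)


def flip_bit(blob: bytes) -> bytes:
    """Flip the lowest bit of the first byte of a stage image."""
    return bytes([blob[0] ^ 1]) + blob[1:]


if __name__ == "__main__":
    approved = measure_chain(APPROVED_STACK)
    for name, stack in [("approved", APPROVED_STACK),
                        ("one bit changed", APPROVED_STACK[:2] + [flip_bit(APPROVED_STACK[2])])]:
        pcr, sig = attest(stack, b"nonce-1")
        print(name, pcr.hex()[:16], verify(KEY, approved, b"nonce-1", pcr, sig))
```

Because each extend hashes the previous register value, a change at any stage propagates to the final value, and the quote binds that value to the verifier's nonce so an earlier approved quote cannot be reused.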