zlacker

Fork chromium and have it return true. Problem, websites?

replies(3): >>progbi+Z >>jabban+l1 >>blibbl+sP

>>freeon+(OP)
It doesn't return boolean but an attestation certificate that the server can validate before sending you any content.

>>freeon+(OP)
It's signed?

Sure you can fake the results of an attestation in your fork, but your fork would be using your own key to sign the response, a key that the site can reject.

replies(1): >>freeon+4s

>>jabban+l1
Ah, we’ll also have to extract the key from chrome. It’s no worse than WideVine.

replies(4): >>jabban+nv >>gray_-+dJ >>jaunty+541 >>rezona+Gi1

>>freeon+4s
Has that been extracted already? I have to admit I'm behind on the current state of browser DRM...

Also I wonder if in the future this would require attestation of the entire chain: secure UEFI validated by key burned in CPU, validates secure boot os that prevents "hacking tools", which validates secure Chrome, which attests secure websites...

Truly royally screwed at that point...

replies(1): >>charci+bL

>>freeon+4s
There is no key in chrome, the signing is done via a 3rd party server.

>>jabban+nv
The current state of DRM is that you have to find a hardware vulnerability in order to extract a certificate. With this you can now decrypt DRM content, but you have to be careful not to get that key blacklisted.

>>freeon+(OP)
it doesn't help

the TPM does the attestation of the entire running environment, starting with firmware, through the OS, through the browser all the way down to the website

>>freeon+4s
I don't believe any of the HD widevine keys have been revealed.

I would practically guess the keys that did get revealed were deliberately leaked, low stake keys, that keep people still willing use to use widevine platforms at low res without being angry.

>>freeon+4s
No, you'll need to extract the TPM secureboot keys from Microsoft headquarters. Good luck with that