1. saurik+(OP) 2023-07-25 17:42:25
As I said: "unless what you are really up in arms about is a lack of a verified boot chain (which absolutely does not require remote attestation)". None of what you are talking about requires the attestation piece, only the verified boot chain (which supports codesign through to whatever layer you wish to protect).

The goal of remote attestation is only to be able to prove to a third party that your device is "secured", which does not benefit the user in any way other than awkward/indirect stuff like where in the Google proposal they argue that users have a "need" to prove to a website that they saw an ad (to get free content).

replies(1): >>mschus+ni
2. mschus+ni 2023-07-25 18:47:09
>>saurik+(OP)
Verified boot chains are one thing, but say you're a bank and you wish to reduce the rate of people falling victim to malware that uses kernel-level privileges to snoop out credentials. The user benefits (at least from your perspective as the bank) from being less impacted by fraud as the banking website will no longer even let the user enter their credentials.

Either you build a massive database of "known good" combinations of hardware, OS, kernel module versions and corresponding TPM checksums, or you leave that job to a third party - and that is what remote attestation is at its core. Apple has it the easiest there, they control everything in the entire path, while Google has to deal with a myriad of device manufacturers.

Note I massively dislike the path that more and more applications take to restrict user freedom, but I do see why corporations find it appealing.
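
Added example, not part of either comment above: a sketch of the verifier side of the "known good" database idea, replaying a measured-boot event log against a quoted PCR value and then checking each measurement against an allowlist. The component names, blobs and `KNOWN_GOOD` contents are constructed, and the code assumes the quote's signature and nonce were already verified against the device's attestation key.

```python
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 PCR starts as 32 zero bytes

def measure(blob: bytes) -> bytes:
    """Digest of a boot component, as recorded in the event log."""
    return hashlib.sha256(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA-256(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

# Constructed "known good" database: component name -> accepted digests.
KNOWN_GOOD = {
    "bootloader": {measure(b"bootloader-v2")},
    "kernel": {measure(b"kernel-6.1"), measure(b"kernel-6.2")},
    "module:net": {measure(b"netdrv-1.4")},
}

def device_boot(components):
    """Constructed device side: measure each component and extend the PCR."""
    log = [(name, measure(blob)) for name, blob in components]
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    return log, pcr

def appraise(event_log, quoted_pcr):
    """Verifier side: return (ok, reason) for a reported log and quoted PCR."""
    pcr = PCR_INIT
    for _, digest in event_log:
        pcr = extend(pcr, digest)
    # The log is only trustworthy if replaying it reproduces the quoted PCR;
    # otherwise the device reported something other than what it booted.
    if pcr != quoted_pcr:
        return False, "event log does not match quoted PCR"
    for name, digest in event_log:
        if digest not in KNOWN_GOOD.get(name, set()):
            return False, f"unknown measurement for {name}"
    return True, "all measurements known good"

if __name__ == "__main__":
    clean = [("bootloader", b"bootloader-v2"), ("kernel", b"kernel-6.2"),
             ("module:net", b"netdrv-1.4")]
    print(appraise(*device_boot(clean)))
```

Every new kernel or module build has to be added to `KNOWN_GOOD` before devices running it pass, which is the maintenance burden the comment refers to.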
