zlacker

[parent] [thread] 5 comments
1. smalls+(OP)[view] [source] 2023-07-26 12:33:53
The Browser application needs to pass a binary image check, and if the browser hash doesn't match Google database, you cannot proceed to the website (since your browser may be corrupted). A major big deal for non main-stream browser, and for non Google browser developers, extension developers (eg. AdBlock), etc. In summary, some websites (like banks, Netflix, etc) will no longer be available for non mainstream browser users. Also, even if you're using Google Chrome, you may need to run the latest version to satisfy the hash check. Every day, the number of broken websites will continue growing until all non Google Chrome users have a blocked internet.
replies(1): >>nonane+a6
2. nonane+a6[view] [source] 2023-07-26 13:02:45
>>smalls+(OP)
Can you please explain why a third party browser can’t lie about its hash, just like it can lie about it’s user agent?
replies(4): >>ndrisc+1h >>kmeist+Dl >>throw_+Rn >>ukuina+KC3
◧◩
3. ndrisc+1h[view] [source] [discussion] 2023-07-26 13:46:57
>>nonane+a6
The idea is that an operating system service provides the attestation. In turn, the OS is signed, with the bootloader verifying the signature. The bootloader is also signed, with a hardware chip verifying the signature.

The infrastructure to do signed OS loading is already in place, and on some operating systems (e.g. Android), the OS attestation service is already in place. So everything is mostly in place already to have your browser attest that it is official Google chrome on Google Android on an approved device with a hardware chip that verifies a Google approved boot signature. That hardware chip contains a Google approved private key (a key that's signed by a manufacturer that Google has in turn approved/signed) that can't be extracted, and that's the key that makes the attestation. Replace the hardware boot verify chip with one that will verify software you want, and you lose your attestation key.

They could also make the OS service reach out to a web service to get an attestation that the attestation key hasn't been revoked, so even if someone did physically extract the key from hardware and share it, it could be revoked (assuming each device gets its own key).

In effect, wide use of this kind of thing means that open source software is no longer free since even if you can look at the code, you must be part of the anointed class (i.e. working within our approved by a major corporation) to edit it and run your edits.

◧◩
4. kmeist+Dl[view] [source] [discussion] 2023-07-26 14:04:08
>>nonane+a6
Because the encryption key you need to sign the hash lives in EL3[0] and only Google and ARM can load code there. In order to lie about your hash, you have to break ARM TrustZone, and if you do that you can be sued under section 1201 for trafficking in copy protection circumvention tools. In other words, the law that prohibits you from selling DVD copiers can be used to give literally any bullshit the backing of law.

[0] An ARM exception level that sits above hypervisors and is specifically intended to support trusted execution modes for isolated mini-operating-systems that do this sort of shit

◧◩
5. throw_+Rn[view] [source] [discussion] 2023-07-26 14:13:12
>>nonane+a6
> Can you please explain why a third party browser can’t lie about its hash, just like it can lie about it’s user agent?

Because that thing basically describes a proprietary plugin like Activex, Silverlight or Flash before it, so a third party browser which doesn't have that proprietary tech can't fake it, under pretense of "standard". The code of that plugin will not be open source, worse, it will act as a spyware on people's computers at the OS level.

It's like EME before and these proprietary techs have no place in a open standard spec.

◧◩
6. ukuina+KC3[view] [source] [discussion] 2023-07-27 08:17:45
>>nonane+a6
Because the website is not just asking your browser to attest, the attestation process requires the OS to send verification.
[go to top]