zlacker

[parent] [thread] 3 comments
1. EvanAn+(OP)[view] [source] 2023-07-26 18:10:42
> The attester will attest whatever they want. They can evolve to match the further degradation of user freedoms.

Agreed. Eventually the attestor will be measuring “proof of life” with the camera, for example.

“Please drink verification can” isn’t too far down that road either.

replies(1): >>derefr+Er
2. derefr+Er[view] [source] 2023-07-26 19:55:25
>>EvanAn+(OP)
> Agreed. Eventually the attestor will be measuring “proof of life” with the camera, for example.

Ultimately, it's all just instructions being sent to your computer to be executed, and "your computer" is whatever you say it is. Everything (e.g. Intel SGX et al) can be emulated in a sandbox. That's how modern DRM is defeated.

replies(1): >>ddalex+zX2
◧◩
3. ddalex+zX2[view] [source] [discussion] 2023-07-27 14:00:10
>>derefr+Er
Not if the HW has baked in private keys that you can't read, but which are known to the attester.
replies(1): >>derefr+y4g
◧◩◪
4. derefr+y4g[view] [source] [discussion] 2023-07-31 15:25:09
>>ddalex+zX2
Even in that case, your computer is still an arbitrarily-programmable Turing machine; it contains this one hardwired + proprietary component that the remote end is looking to speak to, but that component isn't in control of the system; rather, it's controlled by the system. This just moves the job of deception one target over. Rather than just turning the logic sent by the remote end into a "brain in a vat" fed a false reality by your Cartesian https://en.wikipedia.org/wiki/Evil_demon of a custom OS, you also turn its local emissary, the DRM TPM chip, into another "brain in a vat" fed lies by an enclosing evil-demon hardware platform.

The only way this attack can even be avoided in principle is to restrict distribution of the DRM TPM chip — ala Nintendo's NES CIC lockout chip that never left Nintendo's hands except in the form of finished first-party-assembled game cartridges. But even that only prevents mass production and sale of devices that defeat your DRM; any sufficiently motivated attacker can still buy a legitimate device from you that includes the DRM TPM chip, rip the DRM TPM chip out, and feed it to their evil-demon hardware to enable it to faithfully attest a lie over the network.

In short: if this was truly a practical additional layer of defense, there'd be tons of use-cases for it — game consoles, set-top boxes, kiosk computing (e.g. ATMs), etc.

But you don't see anyone using DRM TPM chips for these systems, because it's not a practical additional layer of defense: such chips would increase BOM for these systems, while only defending against attacks that weaker defenses (namely software DRM, or programmable-firmware DRM like Intel SGX) already defend against; and while not doing anything more to stop the truly motivated attackers than current layers of defense already do — as your Netflix pirate media-scraping bots, your EVE Online gold-farming bots, etc. all have the monetary incentive and capital to invest to build exactly these evil-demon systems.

[go to top]