top | item 33559209

(no title)

chousuke | 3 years ago

The problem is that a secure, verifiable computing environment is also important for your privacy.

If you use this system with free software components, the dystopia won't materialize. It's the lack of transparency with proprietary components that causes problems.

discuss

bayindirh|3 years ago

The problem is not the secure boot itself, but how the designer, primary enforcer, primary CA and key control authority of said system is the worst imaginable candidate on the whole universe (and possibly beyond).

josephcsible|3 years ago

Sure, it's important that I can verify what my computer is running. But it's also important that the MAFIAA et al. cannot. If there were some way of guaranteeing that attestation could only work for the owner, then I'd support it, but if that's not possible, then I'd rather it not exist at all.

hulitu|3 years ago

Remote atestation? Why ?

bayindirh|3 years ago

For example, I use my SIM embedded digital signature on my mobile phone. Being able to verify that it’s not altered with, and being able to verify this state with a remote secure entity sounds nice.

Assuming you can select/provide the baseline state to be verified against, I fail to see how this is harmful.

Of course this can be used to force “desired configuration” on anyone, but this is a social problem rather than technical.