Comment by judge2020
4 years ago
> Or we could just regulate it and then this consumer-hostile issue wouldn't exist.
But I specifically want a device that only runs code from another company. Why should the government say “only enterprises can establish this absolute security trust relationship with their hardware vendor”?
If changing this permission requires root access then malware can only access it after they have obtained root access to your machine basically after you have already lost.
It this seems too insecure one could gate such a feature behind a physical switch on the device.
If this is indeed still not secure enough one could require a physical switch AND a password or token ensuring that the person physically holding the device can still be restricted by the owner in case the two aren't one in the same while providing all owners absolute privilege on their own hardware.
Secure boot works fine on PCs -- it's not all or nothing.