Comment by rollcat
3 months ago
> I especially like the better encrypted boot support [...]
For some reason I can't directly reply to transpute's comment, but it's relevant to this thread so here goes:
> Ownerbooted sixos closes this loophole without any "trusted computing" voodoo, eliminating all unencrypted storage except for an eeprom whose hardware write-protect pin is connected to ground [...].
Desolder the EEPROM and read the secrets - the loophole is open wide without a TPM/SEP.
The point of TPM is supposed to be that it makes "yoink the laptop" attacks unviable even for state-level actors, while desoldering and reading the flash is trivial for a hobbyist with cheap tools and some patience.
However this is still an enormous step forward. All of the recent attacks on secure boot chains on Windows[1] and Linux[2] are due to usage of partially-unencrypted core system components in a complex boot chain. Sixos takes the correct approach - minimise the attack surface. All it takes is to stop rejecting the "voodoo" and take what the hardware already offers.
> The point of TPM is supposed to be that it makes "yoink the laptop" attacks unviable even for state-level actors
On the contrary. TPM _is_ an attack in itself. Its result is that control lies not with you as the user but with whoever provided you with the TPM - relative to all software which uses the TPM. And if you can't avoid that kind of software, then the HW providers and the software providers have conspired against you to control your own hardware.
I'm specifically referring to TPM and/or SEP as a key escrow. No other commonly available hardware provides equivalent functionality. No point in going off topic on a philosophical/sociopolitical angle.