Comment by edg5000

1 day ago

> We need a hardware attestation vendor

We never had one on desktop; no real issues. Hardware attestation is primarily in the interest of the vendor, not the user. The user relies on chains of trust. This is how the world works.

This is because of legacy. And even now lots of people assemble and build PCs.

My worry is that one fine day Microsoft, Samsung, Apple, and Google (and the rest of the SV media companies like Netflix etc.) will join hands in bringing security and force a ChromeOS- or macOS-type, totally "we decide everything for you" approach.

But that's exactly why I advocate that the hardware attestation module be separate from the computing device - so I can be in control of what and when I attest, not the vendor.

  • Can you elaborate? Say I buy parts myself and install a fully FOSS OS on my machine. Let's say I want to access my bank, and they demand attestation. You propose I'd buy an off-the-shelf, universal attestation module of my choosing (free market). But how would that work from an implementation standpoint? How would the module help put e.g. my bank at ease?

    • Those actually exist. Yubikeys, Nitrokeys (complete FOSS FW) or bank-approved code generators (for Germany these exist: https://www.reiner-sct.com/tan-generatoren/) are basically that. They provide independent assessment. So regardless of the OS or the browser, both parties can make secure transactions.
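
An added example, not part of the thread and not any vendor's code: a simplified model of a separate confirmation device whose code is bound to the transaction the user sees on the device's own display. The names `Token`, `Bank`, `code_for` and `demo`, the shared-key HMAC construction and the sample order are assumptions for illustration; this is not the algorithm used by YubiKeys, Nitrokeys or TAN generators.

```python
import hashlib
import hmac
import secrets

def code_for(key, challenge, payee, cents):
    # Length-prefix each field so field boundaries cannot be shifted.
    fields = (challenge, payee.encode(), str(cents).encode())
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    # Real devices show a short decimal code; 64 bits of hex keeps the demo simple.
    return hmac.new(key, msg, hashlib.sha256).digest()[:8].hex()

class Token:
    """Separate device with its own key and display (hypothetical model)."""
    def __init__(self, key):
        self._key = key
    def confirm(self, challenge, payee, cents, user_approves):
        # The device shows payee and amount itself; the user decides there.
        if not user_approves(payee, cents):
            return None
        return code_for(self._key, challenge, payee, cents)

class Bank:
    def __init__(self, key):
        self._key = key
        self._pending = {}
    def start(self, payee, cents):
        challenge = secrets.token_bytes(16)
        self._pending[challenge] = (payee, cents)
        return challenge
    def finish(self, challenge, code):
        order = self._pending.pop(challenge, None)  # each challenge is single-use
        if order is None or code is None:
            return False
        return hmac.compare_digest(code_for(self._key, challenge, *order), code)

def demo():
    key = secrets.token_bytes(32)  # constructed key, provisioned to both sides
    bank, token = Bank(key), Token(key)
    intent = ("DE-LANDLORD", 85000)  # constructed sample order
    approve = lambda payee, cents: (payee, cents) == intent
    ch = bank.start(*intent)
    code = token.confirm(ch, *intent, approve)
    honest, replay = bank.finish(ch, code), bank.finish(ch, code)
    # Host alters the order sent to the bank but shows the token the original.
    ch = bank.start("XX-OTHER", 85000)
    mismatch = bank.finish(ch, token.confirm(ch, *intent, approve))
    # Host passes the altered order to the token; the user sees it and declines.
    ch = bank.start("XX-OTHER", 85000)
    declined = bank.finish(ch, token.confirm(ch, "XX-OTHER", 85000, approve))
    return {"honest": honest, "replay": replay, "mismatch": mismatch, "declined": declined}
```

The bank accepts only a code computed over the exact order it holds, so the operating system and browser in between do not need to be trusted for the confirmation step.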