Comment by eptcyka
9 hours ago
Yea, but it'd be real nice if we could trust the software we run on our own devices, no?
Secure boot with software attestation could also be used for good.
9 hours ago
Yea, but it'd be real nice if we could trust the software we run on our own devices, no?
Secure boot with software attestation could also be used for good.
Only if I get to set the keys or no keys - under all circumstances.
There should be a physical button inside the case labeled "set up secure boot"
Just like with HTTPS, you can enrol your own keys in the TPM module, or sign your binaries with a key thats already trusted by your system.
This is just establishing chain of trust, and does not prevent you from doing anything on your system.
True, this could be hypothetically extended to disallow booting third party binaries, but I would say that's just extrapolation for now and not reality.
under the doctrine that software "trust" is needed YOU are the attacker. It's entirely about stripping your control (thus ownership) from the hardware you paid for (see the safetynet shitshow).