Comment by Dylan16807
14 hours ago
> but you know this is a non-secure-(enough) env.
No I do not. It is plenty secure compared to a corporate version and nobody should be legally able to deny service over me having control over my own computer.
Needing the entire OS to be secure to protect a key is also a dumb idea in general.
> Needing the entire OS to be secure to protect a key is also a dumb idea in general.
This is the final step in the road to full remote attestation, thankfully PCs already come with Microsoft Pluton chips[1] to make it easier.
[1] https://learn.microsoft.com/en-us/windows/security/hardware-...