Comment by seba_dos1

10 hours ago

I never mentioned users having to know things (what you quoted was about the user getting informed whether their system is compromised, which is the job of a secure boot chain). The user being in control means that the user can decide who to trust. The user may end up choosing Google, Apple, Microsoft etc. and it's fine as long as they have a choice. Most users won't even be bothered to choose and that's fine too, but with remote attestation, it's not the user who decides even if they want to. And we don't need random developers looking at our devices to consider them trustworthy, it's none of their business and it's a big mistake to let them.

1 comment

seba_dos1

Reply
Avamander  8 hours ago

> what you quoted was about the user getting informed whether their system is compromised, which is the job of a secure boot chain

User being informed means they have to know what a compromised system would entail. That alone is a huge and frankly impossible thing to expect from regular people.

> Most users won't even be bothered to choose and that's fine too, but with remote attestation, it's not the user who decides even if they want to.

> And we don't need random developers looking at our devices to consider them trustworthy, it's none of their business and it's a big mistake to let them.

Then you can't demand those developers trust your device.