
Comment by jon-wood

6 hours ago

> There is only one use for this technology right now, and it is to prevent people from doing what they want to do with the devices they own.

Well, that and making it possible to deploy devices you own in environments where they might be physically accessible to people you don't want extracting credentials from them. Or for ensuring people can only access sensitive company information on company issued devices rather than being able to casually make a copy of any data they have access to somewhere else. Or using a phone as a credit card payment terminal without the possibility of displaying one payment amount on screen and authorising for a different amount.

I'm quite firmly in favour of anything I own giving access to the data it's generating in an open format but screaming about how there's no legitimate use for attestation is quite simply nonsense.

> Or using a phone as a credit card payment terminal without the possibility of displaying one payment amount on screen and authorising for a different amount.

It only attests that the device booted normally (locked bootloader, factory firmware, etc.). Any kind of post-boot compromise (whether it's from malware or something user-initiated) goes completely undetected and does not impact attestation status.

  • Sure, it’s one element of defense in depth. You ensure that post-boot it’s not possible to manipulate what’s being loaded, and then you ensure that during boot the OS is in the expected state for that to be true. It’s not a panacea but it is an important part of the process.
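A toy model of the point the last two replies are arguing over, added here as an illustration and not code from any of the commenters or from any real attestation stack: boot stages are measured into a TPM-style register (new value = hash of old value plus the stage's hash), the device signs that register together with a verifier nonce, and the verifier compares it to a golden value. The boot chain, the "payment app" runtime state and the attestation key are all constructed; an HMAC with a shared key stands in for the asymmetric signature a hardware root of trust would produce, purely so the example runs on the standard library. The three scenarios at the end show that a modified bootloader is caught, a factory boot passes, and a compromise applied after boot passes just the same, because nothing after boot is measured.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the device's attestation key. On a real phone this is
# an asymmetric key held in hardware (TEE/secure element); an HMAC is used only
# so the example runs with the standard library alone.
ATTESTATION_KEY = b"constructed-device-attestation-key"

# Constructed "known good" boot chain the verifier expects: bootloader, kernel,
# system image. Real measurements are hashes of the actual firmware blobs.
GOOD_BOOT_CHAIN = [
    b"bootloader v1.2 (locked)",
    b"kernel 6.1-factory",
    b"system.img factory",
]


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA256(old PCR || SHA256(measurement)).

    Order matters and there is no "un-extend", so the final value commits to
    every stage that ran before the OS took over, and only to those stages.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measured_boot(boot_chain) -> bytes:
    """Return the PCR value the root of trust holds once boot has finished."""
    pcr = bytes(32)
    for stage in boot_chain:
        pcr = pcr_extend(pcr, stage)
    return pcr


def expected_pcr() -> bytes:
    """Golden value the verifier precomputes from the factory boot chain."""
    return measured_boot(GOOD_BOOT_CHAIN)


class Device:
    """Toy device: boot measurements are frozen at boot; runtime state is not measured."""

    def __init__(self, boot_chain):
        self.pcr = measured_boot(boot_chain)
        self.runtime_state = {"payment_app": "genuine"}

    def tamper_after_boot(self):
        # Post-boot compromise, whether malware or user-initiated. The PCR is
        # untouched because nothing re-measures the running system.
        self.runtime_state["payment_app"] = "patched: shows 10.00, authorises 1000.00"

    def quote(self, nonce: bytes) -> dict:
        # Sign (PCR || nonce); the nonce binds the quote to this challenge so an
        # old quote cannot be replayed.
        sig = hmac.new(ATTESTATION_KEY, self.pcr + nonce, "sha256").digest()
        return {"pcr": self.pcr, "nonce": nonce, "sig": sig}


def verify_quote(quote: dict, nonce: bytes, golden_pcr: bytes) -> bool:
    """Verifier side: fresh nonce, valid signature, PCR equal to the golden value."""
    if quote["nonce"] != nonce:
        return False
    expected_sig = hmac.new(ATTESTATION_KEY, quote["pcr"] + nonce, "sha256").digest()
    if not hmac.compare_digest(quote["sig"], expected_sig):
        return False
    return hmac.compare_digest(quote["pcr"], golden_pcr)


def attest(device: Device) -> bool:
    """One challenge/response round between a verifier and the device."""
    nonce = os.urandom(16)
    return verify_quote(device.quote(nonce), nonce, expected_pcr())


def scenarios() -> dict:
    """Three devices: factory boot, modified bootloader, factory boot then runtime tamper."""
    factory = Device(GOOD_BOOT_CHAIN)
    unlocked = Device([b"bootloader v1.2 (unlocked)"] + GOOD_BOOT_CHAIN[1:])
    compromised_later = Device(GOOD_BOOT_CHAIN)
    compromised_later.tamper_after_boot()
    return {
        "factory_boot": attest(factory),
        "modified_bootloader": attest(unlocked),
        "factory_boot_then_runtime_tamper": attest(compromised_later),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: attestation {'passes' if ok else 'fails'}")
```

The third scenario is the gap the reply above describes: the quote is a statement about the boot path, so the verifier has to layer something on top of it (a hardened OS that refuses to load unsigned code, app-level integrity checks, server-side limits) to get from "booted the factory image" to "the amount on screen is the amount authorised".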