Comment by microtonal

Comment by microtonal 6 days ago

2 replies

View on Hacker News

There are genuine positive applications for remote attestation. E.g., if you maintain a set of servers, you can verify that it runs the software it should be running (the software is not compromised). Or if you are running something similar to Apple's Private Compute Cloud to run models, users can verify that it is running the privacy-preserving image that it is claiming to be running.

There are also bad forms of remote attestation (like Google's variant that helps them let banks block you if you are running an alt-os). Those suck and should be rejected.

Edit: bri3d described what I mean better here: https://news.ycombinator.com/item?id=46785123

direwolf20 6 days ago

I agree that DRM feels good when you're the one controlling it.

Reply View 0 replies
egorfine 4 days ago

> There are genuine positive applications for remote attestation

No doubt. Fully agree with you on that. However Intel ME will make sure no system is truly secure and server vendors do add their mandatory own backdoors on top of that (iLO for HP, etc).

Having said that, we must face the reality: this is not being built for you to secure your servers.

Reply View 0 replies