Comment by 9NRtKyP4 5 days ago

35 replies

Remote attestation is another technology that is not inherently restrictive of software freedom. But here are some examples of technologies that have already restricted freedom due to oligopoly combined with network effects:

* smartphone device integrity checks (SafetyNet / Play Integrity / Apple DeviceCheck)

* HDMI/HDCP

* streaming DRM (Widevine / FairPlay)

* Secure Boot (vendor-keyed deployments)

* printers w/ signed/chipped cartridges (consumables auth)

* proprietary file formats + network effects (office docs, messaging)

cwillu 5 days ago

It very clearly is restrictive of software freedom. I've never suffered from an evil maid breaking into my house to access my computer, but I've _very_ frequently suffered from corporations trying to prevent me from doing what I wish with my own things. We need to push back on this notion that this sort of thing was _ever_ for the end-user's benefit, because it's not.

  • Gigachad 5 days ago

    Remote attestation seems more useful for server hosts to let VPS users verify the server hasn’t been tampered with.

  • UltraSane 5 days ago

    YOU can use remote attestation to verify a remote server you are paying for hasn't been tampered with.

    • direwolf20 4 days ago

      This happens much less frequently than the manufacturer of "my" computing device verifies that I haven't tampered with it. On net, it's a wholesale destruction of user freedom.

      • UltraSane 4 days ago

        "it's a wholesale destruction of user freedom." This is ridiculously hyperbolic language for what are basically fancy digital signatures. There is nothing stopping you from using two different systems, one that passes attestation and one that doesn't.

  • avadodin 5 days ago

    To play devil's advocate, I don't think most people would be fine with their car ramming into a military base after an unfriendly firmware update.

    However, I agree that the risks to individuals and their freedoms stemming from these technologies outweigh the benefits in most cases.

    • rpcope1 5 days ago

      The better question then is why the actual f** can an OTA firmware update touch anything in the steering or powertrain of the car, or why do I even need a computer that's connected to anything, and one which does more than just make sure I get the right amount of fuel and spark, or why on earth do people tolerate this sort of insanity.

    • hsbauauvhabzb 5 days ago

      If a malicious update can be pushed because of some failure in the signature verification checks (which already exist), what makes you think the threat actor won’t have access to signing keys?

      This is not what attestation is even seeking to solve.

      • avadodin 4 days ago

        Firmware upgrades don't need to use the same protocols. Without secure boot, any applet can take a security hole, escalate, and persist until you take a trip to a zone of interest. With secure-boot+attestation, the vendors can choose not to let you download the latest map data, report you to the authorities, etc.

        Why do people take DA as "Hail Satan" anyway?

myaccountonhn 5 days ago

It's interesting there's no remote attestation the other way around, making sure the server is not doing something to your data that you didn't approve of.

9NRtKyP4 5 days ago

The authors clearly don’t intend this to happen but that doesn’t matter. Someone else will do it. Maybe this can be stopped with licensing as we tried to stop the SaaS loophole with GPLv3?

digiown 5 days ago

I am quite conflicted here. On one hand I understand the need for it (offsite colo servers are the best example). A basic level of evil maid resistance is also a nice to have on personal machines. On the other hand we have all the things you listed.

I personally don't think this product matters all that much for now. These types of tech are not oppressive by themselves, only when they are being demanded by an adversary. The ability of the adversary to demand it is a function of how widespread the capability is, and there aren't going to be enough Linux clients for this to start infringing on the rights of the general public just yet.

A bigger concern is all the efforts aimed at imposing integrity checks on platforms like the Web. That will eventually force users to make a choice between being denied essential services and accepting these demands.

I also think AI would substantially curtail the effect of many of these anti-user efforts. For example a bot can be programmed to automate using a secure phone and controlled from a user-controlled device, cheat in games, etc.

  • yencabulator 5 days ago

    > On one hand I understand the need for it (offsite colo servers are the best example).

    Great example of proving something to your own organization. Mullvad is probably the most trusted VPN provider and they do this! But this is not a power that should be exposed to regular applications, or we end up with a dystopian future where you are not allowed to use your own computer.

Foxboron 5 days ago

> * Secure Boot (vendor-keyed deployments)

I wish this myth would die at this point.

Secure Boot allows you to enroll your own keys. This is part of the spec, and there are no shipped firmwares that prevent you from going through this process.

  • LooseMarmoset 5 days ago

    Android lets you put your own signed keys in on certain phones. For now.

    The banking apps still won't trust them, though.

    To add a quote from Lennart himself:

    "The OS configuration and state (i.e. /etc/ and /var/) must be encrypted, and authenticated before they are used. The encryption key should be bound to the TPM device; i.e system data should be locked to a security concept belonging to the system, not the user."

    Your system will not belong to you anymore. Just as it is with Android.

    • tadfisher 5 days ago

      Banks do this because they have made their own requirement that the mobile device is a trust root that can authenticate the user. There are better, limited-purpose devices that can do this, but they are not popular/ubiquitous like smartphones, so here we are.

      The oppressive part of this scheme is that Google's integrity check only passes for _their_ keys, which form a chain of trust through the TEE/TPM, through the bootloader and finally through the system image. Crucially, the only part banks should care about should just be the TEE and some secure storage, but Google provides an easy attestation scheme only for the entire hardware/software environment and not just the secure hardware bit that already lives in your phone and can't be phished.

      It would be freaking cool if someone could turn your TPM into a Yubikey and have it be useful for you and your bank without having to verify the entire system firmware, bootloader and operating system.

      • account42 5 days ago

        Banks do this because they can. If most consumer devices did not support the tech they would not be able to.

    • charcircuit 5 days ago

      Then work with the bank to prove the signer is trustworthy.

  • yjftsjthsd-h 5 days ago

    > This is part of the spec, and there are no shipped firmwares that prevent you from going through this process.

    Microsoft required that users be able to enroll their own keys on x86. On ARM, they used to mandate that users could not enroll their own keys. That they later changed this does not erase the past. Also, I've anecdotally heard claims of buggy implementations that do in fact prevent users from changing secure boot settings.

    • teddyh 4 days ago

      “buggy”

      • yjftsjthsd-h 4 days ago

        Don't get me wrong, I'm happy to attribute a lot of malice to Microsoft, but in this case I really do believe that it was incompetence. Everything I've ever read about 90%+ of hardware vendors is that shipping hilariously broken firmware is an everyday occurrence for them.

        (This is separate from Windows RT, of course)

        • NekkoDroid 4 days ago

          This reminds me of when I enrolled only my own keys into a Gigabyte AB350 and I just soft-bricked it because presumably some opt-rom required MS keys.

          I exchanged it for an ASRock board and there I can enable secure boot without MS keys and still have it boot because they actually let you choose what level of signing the opt-rom needs when you enable secure boot.

          What I want to say with this is that it requires the company to actually care to provide a good experience.
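As an added example (not code from the thread or from any project mentioned in it), here is a small Python parser for the EFI_SIGNATURE_LIST format that the db/KEK/dbx variables use, so you can check whether the db you are about to replace with your own keys still carries Microsoft-owned entries before enabling Secure Boot. The type GUIDs are from the UEFI spec; identifying Microsoft entries by their SignatureOwner GUID is a heuristic assumption, and the sample db blobs are constructed fixtures.

```python
import struct
import uuid

# Signature-type GUIDs from the UEFI spec, plus the SignatureOwner GUID seen on
# Microsoft-shipped db entries (owner match is a heuristic; a full checker would
# also parse the X.509 subject of each certificate).
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
MICROSOFT_OWNER_GUID = uuid.UUID("77fa9abd-0359-4d32-bd60-28f4e78f784b")
TYPE_NAMES = {EFI_CERT_X509_GUID: "x509", EFI_CERT_SHA256_GUID: "sha256"}

def parse_siglists(data: bytes):
    """Return (type, owner GUID, signature bytes) for every entry in a db/dbx/KEK blob.
    Pass the raw variable data; strip the 4-byte attribute prefix first when the
    blob was read from a file under /sys/firmware/efi/efivars/."""
    entries, off = [], 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(data):
            raise ValueError("bad SignatureListSize")
        body = data[off + 28 + hdr_size:off + list_size]
        if sig_size < 16 or len(body) % sig_size:  # each entry: 16-byte owner + data
            raise ValueError("bad SignatureSize")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            entries.append((TYPE_NAMES.get(sig_type, str(sig_type)), owner, body[i + 16:i + sig_size]))
        off += list_size
    return entries

def has_microsoft_entries(data: bytes) -> bool:
    """True if any entry is Microsoft-owned: dropping those breaks boards whose
    option ROMs are signed under the Microsoft UEFI CA."""
    return any(owner == MICROSOFT_OWNER_GUID for _, owner, _ in parse_siglists(data))

def build_siglist(sig_type: uuid.UUID, entries) -> bytes:
    """Construct one EFI_SIGNATURE_LIST with an empty SignatureHeader (test fixture)."""
    sig_size = 16 + len(entries[0][1])
    body = b"".join(owner.bytes_le + sig for owner, sig in entries)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, sig_size) + body

# Constructed sample: one self-enrolled certificate (placeholder DER stub) plus two
# Microsoft-owned SHA-256 hashes, versus a db holding only the owner's certificate.
OWN_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # made-up owner GUID
OWN_CERT = bytes.fromhex("3082") + b"\x00" * 30  # placeholder, not a real certificate
OWN_ONLY_DB = build_siglist(EFI_CERT_X509_GUID, [(OWN_OWNER, OWN_CERT)])
SAMPLE_DB = OWN_ONLY_DB + build_siglist(
    EFI_CERT_SHA256_GUID, [(MICROSOFT_OWNER_GUID, bytes([1]) * 32), (MICROSOFT_OWNER_GUID, bytes([2]) * 32)])
```

If `has_microsoft_entries` is false for the db you plan to enroll, expect option ROMs signed under the Microsoft UEFI CA to be refused unless the firmware offers a separate signing level for them.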

  • digiown 5 days ago

    > Secure Boot allows you to enroll your own keys

    UEFI secure boot on PCs, yes for the most part. A lot of mobile platforms just never supported this. It's not a myth.

    • Foxboron 5 days ago

      Phones don't implement UEFI.

      • seba_dos1 5 days ago

        Most don't, but they're usually equivalently locked down nevertheless.

  • 201984 5 days ago

    What about all those Windows on ARM laptops?

  • Brian_K_White 5 days ago

    I wish the myth of the spec would die at this point.

    Many motherboards' secure boot implementations violate the supposed standard and do not allow you to invalidate the pre-loaded keys you don't approve of.