awithrow 5 days ago

If you're going to flame it you might as well point out something concrete you don't like about it.

Reply View 9 replies
  • LooseMarmoset 5 days ago

    "The OS configuration and state (i.e. /etc/ and /var/) must be encrypted, and authenticated before they are used. The encryption key should be bound to the TPM device; i.e system data should be locked to a security concept belonging to the system, not the user."

    See Android; or, where you no longer own your device, and if the company decides, you no longer own your data or access to it.

    Reply View 8 replies
    • ahepp 5 days ago

      https://0pointer.net/blog/authenticated-boot-and-disk-encryp...

      Yes, system data should be locked to the system with a TPM. That way your system can refuse to boot if it's been modified to steal your user secrets.

      Reply View 6 replies
      • blueflow 5 days ago

        ... and it will also refuse to boot if it has been modified by the user.

        Preventing this was the reason we had free software in the first place.

        Reply View 2 replies
      • microthief 5 days ago

        And if Linux$oft suddenly decides every user's system needs a backdoor or that every system mus automatically phone home with your entire browsing data, then, well, too bad, so sad of course!

        Jesus.

        Reply View 2 replies
    • mariusor 5 days ago

      I mentioned it somewhere else in the thread, and btw, I'm not affiliated with the company, this is just my charitable interpretation of their intentions: this is not for requiring _every_ consumer linux device to have attestation, but for specific devices that are needed for niche purposes to have a method to use an open OS stack while being capable of attestation.

      Reply View 0 replies