Comment by hsbauauvhabzb

Comment by hsbauauvhabzb 5 days ago

3 replies

View on Hacker News

If a malicious update can be pushed because of some failure in the signature verification checks (which already exist), what makes you think the threat actor won’t have access to signing keys?

This is not what attestation is even seeking to solve.

avadodin 4 days ago

Firmware upgrades don't need to use the same protocols. Without secure boot any applet can take a security hole escalate and persist until you take a trip to a zone of interest. With secure-boot+attestation, the vendors can choose not to let you download the latest map data, report you to the authorities, etc.

Why do people take DA as "Hail Satan" anyways.

Reply View 2 replies
  • cwillu 4 days ago

    “With secure-boot+attestation, the vendors can choose not to let you download the latest map data, report you to the authorities”

    As far as I'm concerned, you just conceded the argument.

    Reply View 0 replies
  • hsbauauvhabzb 4 days ago

    If this was about stopping malware, it wouldn’t be targeting Linux endpoints.

    Reply View 0 replies