Comment by WD-42
We had that announcement of a new "Verifiable" Linux project from Pottering, other kernel devs, and a bunch of ex-microsoft employees yesterday. Gives me the heebie jeebies.
We had that announcement of a new "Verifiable" Linux project from Pottering, other kernel devs, and a bunch of ex-microsoft employees yesterday. Gives me the heebie jeebies.
How dare you think for yourself in 2026!
Remote Attestation of Immutable Operating Systems built on systemd
Its the "remote" thing that has no place in personal computing, or rather, computing that is to extend one's own autonomy, or agency. Its no one's damn business whether my system is attested or not! I mean, sure theres certainly benefits for me knowing if its attested, but the other road is one of ruin, and will basically be the chains of the future.
If you're trying to remotely attest immutable OSs you are definitely not a home user, or if you are, you're definitely very keen at least and likely a raging self-masochist.
If you're NOT trying to remotely attest anything, you're fine. Just use your chosen OS, dawg.
Remote attestation is just generating a random blob on the remote side and then making the tpm 2.0 module on a computer sign the blob with a private key. You then provide the signature and the public key to the remote for verification. That enrolls that device. After that you can "verify" with a new binary blob and validate a new signature came back with the same key. That full loop is remote attestation. The idea is your disk didn't get moved to another computer. It's a security thing that Linux does need and is capable of being fully open source.
It has nothing to do with drm.
It has everything to do with DRM. It’s not “dual use” technology. It has one use, and this is it.
Yeah I caught a lot of downvotes for coming out early against it.