Comment by stackghost
Comment by stackghost 4 days ago
Yeah I caught a lot of downvotes for coming out early against it.
Comment by stackghost 4 days ago
Yeah I caught a lot of downvotes for coming out early against it.
If you're trying to remotely attest immutable OSs you are definitely not a home user, or if you are, you're definitely very keen at least and likely a raging self-masochist.
If you're NOT trying to remotely attest anything, you're fine. Just use your chosen OS, dawg.
Remote attestation is just generating a random blob on the remote side and then making the tpm 2.0 module on a computer sign the blob with a private key. You then provide the signature and the public key to the remote for verification. That enrolls that device. After that you can "verify" with a new binary blob and validate a new signature came back with the same key. That full loop is remote attestation. The idea is your disk didn't get moved to another computer. It's a security thing that Linux does need and is capable of being fully open source.
It has nothing to do with drm.
It has everything to do with DRM. It’s not “dual use” technology. It has one use, and this is it.
We're gonna be using this to validate someone didn't move your login to another device. Which will protect you from session hijacking. Your work stuff will start requiring it. Your media accounts will too. Or else linux will simply be locked out from major services. DRM is already in your browser. And literally has no connection to identity attestation.
How dare you think for yourself in 2026!
Remote Attestation of Immutable Operating Systems built on systemd
Its the "remote" thing that has no place in personal computing, or rather, computing that is to extend one's own autonomy, or agency. Its no one's damn business whether my system is attested or not! I mean, sure theres certainly benefits for me knowing if its attested, but the other road is one of ruin, and will basically be the chains of the future.