I don't know much about Apple's hardware, but at least consoles are secured against both those things. They have anti-glitch circuitry. The boot ROM doesn't even do comparisons against computed hashes; it just extends PCRs with them, so it's glitch-proof by design even if the core stability monitoring fails. The Xbox One doesn't even expose most of the keys to software at any point. The keys flow from the hardware parts of the security complex to the RAM decryption/hashing engine via dedicated wires on the SoC. Also, the entire stack is renewable. Unless you find a bug in the boot ROM, they will just patch it and months of work will be toast within days. The boot ROMs are (a) encrypted and (b) very heavily reviewed and pen tested.

Again, I don't know about Apple, but all these modern security architectures are more or less the same. The underlying theory is universal and sound; it just boils down to varying levels of cost / effort / backwards compatibility / generality. So I'd say there are no right places to look anymore. There's always the potential for bugs in the tiny parts of the systems that act as the roots of trust, but these are small pieces of code and it's possible with enough break/fix cycles and review to make them perfect.

All the above rests on a few assumptions:

• Attackers of limited motivation. Xbox guys set a budget of $600 for hacking a specific console. If you're willing to spend more than that on a physical attack then they accept defeat (i.e. FIB workstations are out of scope).
• Platform vendors with tight control over hardware. PCs are insecure against physical attacks by design due to general disagreement and lack of consensus over whether it really matters / what the threat model is. So there are RA schemes, but they're hardly used and mostly sold to enterprises wanting to defend against malware.
• Goal is to defend the whole stack.

PC platforms can do RA of isolated worlds; this is how SGX works, and it's in theory secure against physical attack (encrypted memory), but SGX enclaves are very limited in what they can do. In theory you could build a secure path to the GPU, but in practice doing that requires a billion NDAs and only works with some GPUs etc., and there's no encrypted path for input devices. On iDevices, consoles and other places with vertical integration that's solvable.
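The extend-versus-compare point in the comment above, as an added example (not code from the commenter or from any console vendor; the SHA-256 extend rule, the boot-stage contents and the root secret are constructed stand-ins). A comparison check has a branch that a single skipped instruction can defeat, while an extend chain has no branch to skip: any tampered or unmeasured stage changes the PCR, so a key sealed to the expected PCR simply comes out wrong.

```python
import hashlib

ZERO_PCR = bytes(32)  # PCRs are all-zero at reset

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR' = SHA-256(PCR || SHA-256(measurement)). One-way and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measured_boot(stages, skip_index=None):
    """Extend every stage into the PCR. skip_index models a fault that skips one extend call."""
    pcr = ZERO_PCR
    for i, stage in enumerate(stages):
        if i == skip_index:
            continue
        pcr = extend(pcr, stage)
    return pcr

def sealed_key(pcr: bytes, root_secret: bytes) -> bytes:
    """Key derived from the PCR value; only the expected boot chain yields the right key."""
    return hashlib.sha256(root_secret + pcr).digest()

def comparison_boot(stages, expected_digests, skip_index=None):
    """The compare-and-branch pattern the comment warns about. skip_index models a skipped check."""
    for i, (stage, expected) in enumerate(zip(stages, expected_digests)):
        if i == skip_index:
            continue
        if hashlib.sha256(stage).digest() != expected:
            return False
    return True

# Constructed sample boot chain; these are not real firmware images or secrets.
GOOD = [b"bootrom-stage2 v1", b"hypervisor v1", b"kernel v1"]
TAMPERED = [b"bootrom-stage2 v1", b"hypervisor v1 (modified)", b"kernel v1"]
GOLDEN = [hashlib.sha256(s).digest() for s in GOOD]
ROOT_SECRET = b"constructed root secret, fused in hardware"

def demo():
    good_key = sealed_key(measured_boot(GOOD), ROOT_SECRET)
    # Comparison design: skipping the check on the modified stage lets tampered code pass.
    compare_glitched = comparison_boot(TAMPERED, GOLDEN, skip_index=1)
    # Extend design: a tampered stage or a skipped extend both change the PCR, so the key differs.
    tampered_key = sealed_key(measured_boot(TAMPERED), ROOT_SECRET)
    skipped_key = sealed_key(measured_boot(TAMPERED, skip_index=1), ROOT_SECRET)
    return {"compare_glitched_passes": compare_glitched,
            "tampered_key_matches": tampered_key == good_key,
            "skipped_key_matches": skipped_key == good_key}

if __name__ == "__main__":
    print(demo())
```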
Dark times.