[hparadiz]

Remote attestation is just generating a random blob on the remote side and then making the tpm 2.0 module on a computer sign the blob with a private key. You then provide the signature and the public key to the remote for verification. That enrolls that device. After that you can "verify" with a new binary blob and validate a new signature came back with the same key. That full loop is remote attestation. The idea is your disk didn't get moved to another computer. It's a security thing that Linux does need and is capable of being fully open source.

It has nothing to do with drm.

[jiggawatts]

It has everything to do with DRM. It’s not “dual use” technology. It has one use, and this is it.

[hparadiz]

We're gonna be using this to validate someone didn't move your login to another device. Which will protect you from session hijacking. Your work stuff will start requiring it. Your media accounts will too. Or else linux will simply be locked out from major services. DRM is already in your browser. And literally has no connection to identity attestation.

[WD-42]

Who is “we”? So we can know who to avoid.

[hparadiz]

All corporate SSO providers.