by ottah 107 days ago
Ah, I see. It's just another fucking TPM, which lets vendors approve or deny execution of signed binaries. So more infrastructure to attack general computing.

No, TPMs and HSMs are fundamentally nothing more than secure hardware dedicated to storing private keys in a way that makes accessing the plaintext incredibly hard. All of modern computer security is based on them.
... and usually deployed in a user-hostile manner.
Any evidence of this? Computer security was a complete disaster before hardware roots of trust became standard.
> Computer security was a complete disaster

It is still a complete disaster. Nobody needs the password to your bootloader when it can access all your data through your web browser.

That isn't possible.
Both things can be true.
The knee-jerk hysterical reaction to any talk of hardware roots of trust on Hacker News is getting tiresome, and I expect better given the reputation of the site. It actually reminds me of old Slashdot.
The software running on such devices is usually proprietary and never installed by the user. That is user-hostile.