[seba_dos1]

There's no such thing as "legitimacy of the bootloader, OS" that can be verified by someone who isn't the device's user. The bootloader that booted the phone I type this on is patched by me, which makes it more "legitimate" than any other bootloader that could be placed there.

[goblin89]

The reason (or, depending on your inclinations, the excuse) for trusted computing to exist is not to guarantee that I didn’t patch the bootloader of the phone on which I type my comment; it’s to guarantee I didn’t patch the bootloader of the phone on which your grandma logs in to her bank without her knowledge.

[seba_dos1]

No, the reason is to let application providers decide which platforms you can run their software on. The reasons why they need that are diverse: DRM, preventing reverse engineering, shifting liability, "cheating" prevention - to name a few, but ultimately they're all about asserting control over the user, just motivated differently in various use cases. "Think of the grandmas".

[ruszki]

What's the problem with the current status quo, or the status quo 5 or 10 years ago? 20 years ago there were basically no cheating prevention, but nobody cared. We just didn't play with cheaters. There are still cheaters in all games. No matter what kind of DRM streaming platforms use, their movies are on torrent immediately. The only difference compared to 5-20 years ago is that user experience is worse. I need to install a lot of intrusive bullshits, and I cannot watch movies with proper resolution. For literally nothing.

[seba_dos1]

It's not just that "user experience is worse", it's an existential threat to Free Software.

In the past, when you had a proprietary tool you needed to use to do something, people could analyze and reimplement it. The reasons to do that varied - someone needed "muh freedomz", someone else wanted to do the thing on an unsupported platform, someone else wanted to change something in the way the tool worked (perhaps annoyed by paper jams)... Eventually you could end up with an interoperable FLOSS reimplementation. This has happened with lots of various things - IMs, network service clients, appliance drivers, even operating systems, and this is how people like me could switch away from Windows and have their computers (and later phones) remain fully functional in the society around us, perhaps with minor annoyances, but without real showstoppers.

Remote attestation changes this dynamic drastically. Gaim (Pidgin), Kadu couldn't be made if the service provider like AIM, ICQ, Gadu-Gadu etc. could determine whether you're using the Official App™ from the Official Store™ on the Official OS™ and just refuse to handle requests from your reimplementation. They could still try and be hostile to you without it, and often did, but it wasn't an uneven fight. Currently we're still in the early days and you can still go by in the society by defaulting to use services on the Web, using plastic card instead of phone for payments etc. but this is already changing. And it's not just a matter of networked services either - I bet we're going to see peripheral devices refusing to be driven by non-attested implementations too.

Secure boot chains have some value and are worth having, but not when they don't let the user be in charge (or let the user delegate that to someone else) and when they prioritize the security of "apps" rather than users. The ability for us as users to lie to the apps is actually essential to preserving our agency. Without that we're screwed, as now to connect ourselves to the fabric of the society we'll need to find and exploit vulnerabilities that are going to be patched as soon as they become public.

[Avamander]

> The ability for us as users to lie to the apps is actually essential to preserving our agency. Without that we're screwed, as now to connect ourselves to the fabric of the society we'll need to find and exploit vulnerabilities that are going to be patched as soon as they become public.

The same freedom is being abused by malicious actors. Even on Windows (like BlackLotus), but also on pre-infected phones emptying people's bank accounts. This is an incredibly unfortunate outcome, but what's the solution?

I see no other potential outcome than that free computing and trusted computing are going to be totally separate. Possibly even on the same device, but not in a way that lets anyone tamper with it.

[seba_dos1]

A lot of other freedoms are being abused and always have been, but somehow we don't go and ban kitchen knives, as having them around is valuable. This is a false dichotomy. Systems can be secure and trusted by the user without having to cede control, and some risks are just not worth eliminating.

Most importantly - it's the user who needs to know whether their system has been tampered with, not apps.

[ruszki]

How large is this preinfected phones problem? Is it large enough to sacrifice freedom?

[AppAttestationz]

You can bicker about the words all day long. Legitimacy, or perhaps better: authenticity, in this context, would be a bootloader or OS that doesn't allow tampering with the execution of an app.

[seba_dos1]

Any bootloader or OS that doesn't allow the user to tamper with it or the other tools they're using on it is obviously illegitimate malware.

[AppAttestationz]

It's a funny comment, because actual malware, very much loves to tamper with the bootloader and OS.

Which was the motivation for cryptographically attesting the boot process and OS, and in part paved the way for app attestation.

There are alternatives though: The Android Hardware Attestation API enables attestation on custom ROMs, but the attestation verifier needs a list of hashes for all "acceptable" ROMs. GrapheneOS publishes these but there's nobody, to my knowledge, maintaining a community list.

[seba_dos1]

Nothing funny in it, I'm afraid. Socially accepted malware is still malware. Caffeine is a stimulant, alcohol is a drug, a piece of software that works against the user is a malware.

Cryptographic attestation is not a problem in itself, the problem is exactly what you already somewhat hinted at: it's who and how decides who to trust and who gets to make (or delegate) the choices. You can make a secure system that lets the user be in charge, but these systems we're discussing here don't (and that's by design; they're made to protect "apps", not users).

[izacus]

Sorry but this is nonsense - most users, even the Linux toting power users - don't have the time, ability or knowledge to verify the contents of their OS in a way that would catch issues prevented by attestation.

The problem with modified phones containing malware is very real and unless you want a full on Apple "you're not allowed to touch the OS" model you need some kind of audited OS verification that you as a user or a security sensitive software can depend on.

[seba_dos1]

No, what you're saying is nonsense. I can burn a key into efuses of this phone to make it only boot things signed by me and make the whole boot path verified, OS image immutable etc. and all of this can provide me some value, but it's absolutely not in my interest to let applications be picky on what can or can't happen in the OS (even if they would accept my key being there rather than Google's, which they won't). The only thing it manages to do is to prevent me from using the device the way I want or need it to be used.

[izacus]

I agree about the part where apps shouldn't be able to see whether the OS is trusted.

But to remove that incentive you first need to stop punishing app companies for compromised user OSes from legal perspective.

Are you willing to absolve Google, Apple and Deutsche Bank from responsibility of damage that happens on compromised user OSes?

[seba_dos1]

The attested systems have vulnerabilities too, so how do they deal with that responsibility?

[rep_lodsb]

There's also a problem with unmodified phones containing malware, namely an operating system made by an advertising company, which is designed to collect as much information about you as possible.

And this malware is largely based on open source code (Linux) that was originally developed on open, documented hardware, where the firmware boot loader did nothing more than load the first 512 bytes of your hard disk to address 0x7c00 and transfer complete control to it.

Yes, there were viruses that exploited this openness, but imagine if Linus Torvalds would have needed a cryptographic certificate from IBM or Microsoft to be allowed to run his own code! This is basically the situation we have today, and if you don't see how dystopian this is, I don't know what more to say.

I will never understand why such an overwhelming majority of people seem to just accept this. When frigging barcodes where introduced, there were widespread conspiracy theories about it being the Mark of the Beast -- ridiculous of course, but look at now where in some places you literally can't buy or sell without carrying around a device that is hostile to your interests. And soon it will be mandated by the state for everyone.

Google must be destroyed.

[izacus]

Yeah, randomly calling software that you don't like "malware" isn't making a strong case you think it does. Or helps in this discussion.

[rep_lodsb]

It's doing things that are against the interest of the user. But obviously, that's no longer an acceptable definition! According to our benevolent overlords, Android is definitely not malware, while yt-dlp is </s>