The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 2 comments
metadat ◴[] No.32234045[source]
Ew. Why are all the chip manufacturers going along with this stupid plan? I want to buy a processor and then own it and have it work in my best interests, not consume electricity and generate heat enforcing draconian 3rd-party DRM policies.
replies(12): >>32234130 #>>32234281 #>>32234326 #>>32234400 #>>32234486 #>>32234981 #>>32235753 #>>32235848 #>>32236170 #>>32236808 #>>32237073 #>>32240665 #
Analemma_ ◴[] No.32234486[source]
The conspiratorial answers here are emotionally satisfying, but ultimately wrong. The reason chip makers and OS vendors are adding this is customer demand, by which I mean enterprises. Companies want remote attestation and guaranteed-immutable OS images on their networks, and I honestly can't say I blame them. In a perfect world they could have it and we could somehow firewall it away from the consumer space entirely, but that's not going to happen.
replies(5): >>32234561 #>>32234804 #>>32234879 #>>32237705 #>>32261846 #
walterbell ◴[] No.32234561[source]
On-premise, open-source, customer-owned remote attestation servers are possible. Avoid outsourcing integrity verification to 3rd-party clouds.
replies(3): >>32234573 #>>32234629 #>>32235239 #
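The on-premise, owner-controlled attestation server mentioned above, sketched as an added example (not code from the thread or from any of the projects named in it). The owner's server enrolls each device's attestation key and golden PCR values, issues a fresh nonce per challenge, and accepts a quote only if the nonce matches, the quote verifies under the enrolled key, and the PCR digest equals the golden value. PCR extension follows the TPM's chained-hash rule; the quote signature is modelled with an HMAC over a per-device secret as a stand-in for the TPM's asymmetric AIK signature, and all device names, keys and boot measurements are constructed here.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
PCR_SIZE = 32


def extend(pcr, measurement):
    # TPM-style PCR extend: PCR_new = H(PCR_old || H(measurement)).
    return HASH(pcr + HASH(measurement).digest()).digest()


def measure_boot(components):
    # Replay the boot chain into a single PCR starting from all zeros.
    pcr = b"\x00" * PCR_SIZE
    for component in components:
        pcr = extend(pcr, component)
    return pcr


class SimulatedTPM:
    """Device side: holds the attestation key and one PCR (constructed stand-in)."""

    def __init__(self, aik, boot_components):
        self.aik = aik
        self.pcr0 = measure_boot(boot_components)

    def quote(self, nonce):
        # A quote binds the verifier's nonce to a digest of the selected PCRs.
        pcr_digest = HASH(self.pcr0).digest()
        signature = hmac.new(self.aik, nonce + pcr_digest, HASH).digest()  # stand-in for AIK signature
        return {"nonce": nonce, "pcr_digest": pcr_digest, "signature": signature}


class AttestationServer:
    """Owner-operated verifier: keys and golden values never leave the premises."""

    def __init__(self):
        self.devices = {}  # device_id -> (aik, golden PCR0)
        self.pending = {}  # device_id -> nonce of the outstanding challenge

    def enroll(self, device_id, aik, golden_components):
        # Golden values come from the owner's own known-good build of the boot chain.
        self.devices[device_id] = (aik, measure_boot(golden_components))

    def challenge(self, device_id):
        nonce = os.urandom(16)
        self.pending[device_id] = nonce
        return nonce

    def verify(self, device_id, quote):
        aik, golden_pcr0 = self.devices[device_id]
        nonce = self.pending.pop(device_id, None)  # each nonce is usable exactly once
        if nonce is None or not hmac.compare_digest(nonce, quote["nonce"]):
            return False, "stale or unknown nonce (replayed quote)"
        expected_sig = hmac.new(aik, quote["nonce"] + quote["pcr_digest"], HASH).digest()
        if not hmac.compare_digest(expected_sig, quote["signature"]):
            return False, "quote does not verify under the enrolled attestation key"
        if not hmac.compare_digest(HASH(golden_pcr0).digest(), quote["pcr_digest"]):
            return False, "PCR digest differs from golden value (boot chain changed)"
        return True, "ok"


def run_demo():
    # Constructed boot chains and key; real deployments would use per-device AIKs.
    golden = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
    aik = b"constructed-per-device-attestation-key"
    server = AttestationServer()
    server.enroll("laptop-01", aik, golden)

    good = SimulatedTPM(aik, golden)
    tampered = SimulatedTPM(aik, [b"firmware-v1", b"bootloader-modified", b"kernel-v1"])
    results = {}

    nonce = server.challenge("laptop-01")
    results["good"] = server.verify("laptop-01", good.quote(nonce))

    nonce = server.challenge("laptop-01")
    results["tampered"] = server.verify("laptop-01", tampered.quote(nonce))

    # Replay: capture a valid quote, let it be consumed, then present it again.
    nonce = server.challenge("laptop-01")
    captured = good.quote(nonce)
    server.verify("laptop-01", captured)
    server.challenge("laptop-01")
    results["replay"] = server.verify("laptop-01", captured)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in run_demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'} ({reason})")
```

The point the thread is making is that nothing here needs a third-party cloud: the enrollment records and golden PCR values are owner data, and swapping the HMAC stand-in for real TPM quote verification changes the signature check, not the trust relationships.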
p_l ◴[] No.32235239[source]
Yes, they are possible... And they are implemented using all the evil things like Secure Boot, TPM, and Pluton.

MS remote attestation doesn't require a remote cloud or anything like that; I recall it supporting air-gapped environments from the start (guess why: the top-price enterprise clients want that, including re-signing Windows with their own Secure Boot keys).

Disclaimer: for various reasons, open-source remote attestation in corporate environments is currently on my roadmap at work.

replies(1): >>32235593 #
fsflover ◴[] No.32235593[source]
> And they are implemented using all the evil things like Secure Boot, TPM, and Pluton.

There is nothing evil with TPM when you fully control it. See: Librem Key.

replies(1): >>32235714 #
1. p_l ◴[] No.32235714[source]
You either don't remember or weren't there when TPMs were first talked about; in either case I envy you.

And yes, there's nothing evil involved if they are owner-controlled, something that honestly was heavily pushed by Microsoft because they do have clients that insist on it. The DRM functionality in Intel ME has keys controlled by broadcasting associations instead (this is why you can't stream HQ on Linux from official sources), and the same goes for part of why AMD PSP got some uncontrolled bits (the blackmail goes that if you don't do that, customers will quickly find they can't stream Netflix/whatever in high quality on your hardware and will stop buying it).

Personally I believe that owner control of hardware should be enshrined in law, just like the right to repair and modify, along with laws against deceptive "looks and quacks like a sale, is actually a lease" practices.

replies(1): >>32235748 #
2. walterbell ◴[] No.32235748[source]
> owner-control of hw should be enshrined in law

Have you seen OCP's Caliptra RoT, which requires OSS firmware, enforced by dual-signing of firmware by both the OEM and the owner? It is currently aimed at hyperscalers, but this approach can be adopted by other enterprise customers: https://www.youtube.com/watch?v=p9PlCm4tLb8. Attestation will be done to Caliptra, which can then release the SoC boot ROM from reset.
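The dual-signing gate described in the post above, as an added example that is not Caliptra's code or any OCP specification. A boot gate holds one OEM verification key and one owner verification key; it releases the SoC from reset only when the firmware image carries a valid signature from each party, so an image the OEM signs alone is rejected just as an owner-only image is. Signatures are modelled with HMAC over per-party secrets as a stand-in for the asymmetric signatures a real root of trust would verify, and the keys, image bytes and party names are all constructed here.

```python
import hashlib
import hmac

HASH = hashlib.sha256


def sign(key, image):
    # Stand-in for a party's signature: HMAC over the image digest.
    return hmac.new(key, HASH(image).digest(), HASH).digest()


class DualSignedBootGate:
    """Holds the OEM and owner keys provisioned into the root of trust (constructed)."""

    def __init__(self, oem_key, owner_key):
        self.keys = {"oem": oem_key, "owner": owner_key}

    def check(self, image, signatures):
        # Every required party must have a valid signature over this exact image.
        missing = [party for party in self.keys if party not in signatures]
        if missing:
            return False, f"missing signature from: {', '.join(missing)}"
        for party, key in self.keys.items():
            if not hmac.compare_digest(sign(key, image), signatures[party]):
                return False, f"{party} signature does not verify"
        return True, "release SoC from reset"


def run_demo():
    oem_key = b"constructed-oem-signing-key"
    owner_key = b"constructed-owner-signing-key"
    gate = DualSignedBootGate(oem_key, owner_key)

    image = b"open-source-firmware-build-1"
    dual = {"oem": sign(oem_key, image), "owner": sign(owner_key, image)}
    oem_only = {"oem": sign(oem_key, image)}
    owner_only = {"owner": sign(owner_key, image)}
    # Signatures for build-1 presented with a different image body.
    swapped = {"oem": sign(oem_key, image), "owner": sign(owner_key, b"other-build")}

    return {
        "dual": gate.check(image, dual),
        "oem_only": gate.check(image, oem_only),
        "owner_only": gate.check(image, owner_only),
        "swapped_body": gate.check(image, swapped),
    }


if __name__ == "__main__":
    for case, (ok, reason) in run_demo().items():
        print(f"{case}: {'boot' if ok else 'halt'} ({reason})")
```

The check is deliberately all-or-nothing: there is no path by which one party's key can stand in for the other's, which is what gives the owner a veto over firmware the OEM ships.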