596 points pimterry | 12 comments
Santosh83 ◴[] No.36862751[source]
Maybe I'm wrong but Web Attestation will also be a death knell for Linux devices (not Android/Chrome OS) as far as being able to use them as equal clients to use the Web goes. They're simply too diverse and 'hackable' as a platform for remote attestation to work reliably and thus they'll be excluded altogether (except a few 'blessed' distros that will then become industry controlled, and not Linux in spirit anymore).
replies(7): >>36862825 #>>36862993 #>>36863025 #>>36863063 #>>36863230 #>>36864206 #>>36865119 #
1. smoldesu ◴[] No.36862825[source]
If this happens, I expect the majority of Windows and Android devices to stop working too. They are also a diverse and hackable platform that is apparently insufficient for a future where I have to attest to owning certain hardware.

> except a few 'blessed' distros that will then become industry controlled, and not Linux in spirit anymore

You know, I hear this a lot but seldom hear the details of how it might happen. Industry-controlled UNIX is the reason Linux exists - if you take the spirit away from Linux, it gets forked into another community project. Unless you're stripping it of its GPL license, Linux will be "Linux in Spirit" until it stops being used altogether.

replies(4): >>36862879 #>>36862948 #>>36863069 #>>36863354 #
2. Avamander ◴[] No.36862879[source]
Not the majority, just a *lot* of older ones.

New Android phones have hardware-backed SafetyNet, new Windows devices have Trusted Boot (not to be confused with Secure Boot).

Both can and will be used to attest the browser environment. Linux devices will get hit (unless I guess we see locked down signed kernels, Chromebook-like things).

replies(1): >>36863591 #
3. fsniper ◴[] No.36862948[source]
If people can't use their preferred Linux distros to do banking, or can't connect to social networks, email providers, music streaming services and so on, this will mean practically they are forced to switch distros. Which would eventually add more control power to some Distros to what goes into development and what not.

You can see systemd and its history about how it holds power.

replies(2): >>36862963 #>>36863225 #
4. ◴[] No.36862963[source]
5. vaxman ◴[] No.36863069[source]
> Industry-controlled UNIX is the reason Linux exists

Linux only exists because it is free and it runs free apps for every category of keyboard-driven task a typical user would want.

The answer to my question of how a predator like IBM is going to take out the other non-RHEL based distros is starting to come into focus. This should help Ubuntu get the Mint monkey off its back too.

6. JohnFen ◴[] No.36863225[source]
Or run one of the "blessed" or "compromised" (depending on your point of view) distros in a VM purely for those types of things.
replies(2): >>36863289 #>>36871219 #
7. Avamander ◴[] No.36863289{3}[source]
That's the point where you'd need the VM itself to be attested for it to work. Hyper-V kinda does it already with Shielded Windows VMs.

With the advent of SEV, you won't even be able to look at the stuff your hypervisor is running.

replies(1): >>36863690 #
8. voxic11 ◴[] No.36863354[source]
All machines sold with Windows have been required to include a TPM since 2016.
9. treprinum ◴[] No.36863591[source]
It's really a slowly boiling frog situation playing out over the past 20 years. Since Aegis bootloader outlined how trusted computing will be created with predictions of allowing Internet access only to attested devices/people, we seem to be at the brink of somebody flipping the switch. Other predictions contained historic data/web changing as politically convenient with nobody being able to access/view the old original anymore due to only attested devices available.
10. fsniper ◴[] No.36863690{4}[source]
Also there is no guarantee that "attestation" won't require your software to run on the physical hardware and not on a vm.
replies(1): >>36863945 #
11. Avamander ◴[] No.36863945{5}[source]
True, but virtualization is big enough (including Microsoft's own Windows365 offerings) that passing "trust" down into VMs will be done. And with SEV there isn't even a way to tamper with things after the attestation process has been completed.
12. Gazoche ◴[] No.36871219{3}[source]
Even assuming the VM workaround works, this would be catastrophic from a usability standpoint.

Linux has been making giant strides towards increasing accessibility and lowering the friction of adopting it as a daily driver, while preserving the freedom to choose any distro you want.

Forcing new users to babysit a second installation in a special VM would be wiping out decades of progress.