←back to thread

We should have the ability to run any code we want on hardware we own

(hugotunius.se)
2071 points K0nserv | 1 comments | 31 Aug 25 21:46 UTC | HN request time: 0s | source
Show context
tzury ◴[01 Sep 25 01:47 UTC] No.45088695[source]
We need both options to coexist:

1. Open, hackable hardware for those who want full control and for driving innovation

2. Locked-down, managed devices for vulnerable users who benefit from protection

This concept of "I should run any code on hardware I own" is completely wrong as a universal principle. Yes, we absolutely should be able to run any code we want on open hardware we own - that option must exist. But we should not expect manufacturers of phones and tablets to allow anyone to run any code on every device, since this will cause harm to many users.

There should be more open and hackable products available in the market. The DIY mindset at the junction of hardware and software is crucial for tech innovation - we wouldn't be where we are today without it. However, I also want regulations and restrictions on the phones I buy for my kids and grandparents. They need protection from themselves and from bad actors.

The market should serve both groups: those who want to tinker and innovate, and those who need a safe, managed experience. The problem isn't that locked-down devices exist - it's that we don't have enough truly open alternatives for those who want them.

replies(23): >>45088735 #>>45088761 #>>45088840 #>>45088846 #>>45088867 #>>45088917 #>>45088924 #>>45088947 #>>45089091 #>>45089098 #>>45089274 #>>45089445 #>>45089853 #>>45090037 #>>45090783 #>>45091788 #>>45091834 #>>45092235 #>>45092332 #>>45092365 #>>45092417 #>>45092508 #>>45094664 #
mjevans ◴[01 Sep 25 02:17 UTC] No.45088840[source]
Incorrect.

Choice 2. Empowered user. The end user is free to CHOOSE to delegate the hardware's approved signing solutions to a third party. Possibly even a third party that is already included in the base firmware such as Microsoft, Apple, OEM, 'Open Source' (sub menu: List of several reputable distros and a choice which might have a big scary message and involved confirmation process to trust the inserted boot media or the URL the user typed in...)

There should also be a reset option, which might involve a jumper or physical key (E.G. clear CMOS) that factory resets any TPM / persistent storage. Yes it'd nuke everything in the enclave but it would release the hardware.

replies(6): >>45088909 #>>45088912 #>>45088914 #>>45088933 #>>45089048 #>>45091997 #
judge2020 ◴[01 Sep 25 02:35 UTC] No.45088914[source]
Consider the possibility of an evil maid type attack before a device is setup for the first time, e.g. running near identical iOS or macOS but with spyware preloaded, or even just adware.
replies(5): >>45089026 #>>45089240 #>>45090838 #>>45091091 #>>45091946 #
1. cyberax ◴[01 Sep 25 03:42 UTC] No.45089240[source]
This can be fixed by adding some user-controlled "fuse". For example, with a TPM you will lose access to stored keys if the boot sequence is modified.