
Executive Summary: run Linux


Won't matter. Remote hardware attestation means they will know you're trying to bypass their control. You'll be denied service at every turn. Can't even log into your bank account.


IMO, I don't see how remote hardware attestation avoids being spoofed. Yes, TPM is involved, but at the end of the day, it's an API request/response. There are so many ways the request could be spoofed, and the attestation likely requires coordination with hardware vendors that have proven to be Highly Secure TM with the history of secure boot leaks.


> I don't see how remote hardware attestation avoids being spoofed

Hardware cryptoprocessor. Keys are held in a tamper resistant secure element. You're not gonna get at those keys without pouring some serious resources into the task.

The keys are owned by the corporation and used to establish a root of trust from boot. If you change anything at all to suit your interests, verification fails, your machine is identified as "tampered with" and designated as untrusted.


History tells us there will always be a “low cost” vendor with exploitable hardware, or if production becomes more tightly controlled, inevitable cost cutting and declining standards will provide a way in. Not that we shouldn’t oppose locked down hardware, but locking things down creates pressure and motivation for the people who like things to be unlocked.


Your untampered device will be enrolled with a verified ID provider and they’ll be part of the attestation. The tamper resistance hardware benefits from decades of hacking. Plus you’re not talking about things like compromising a single long lived key or similar like you could with physical media or players.

We’ll probably get to the point where you need a verified id to buy a phone that does attestation. Tamper with it and go to jail. Who’s going to hack that?


Even if things get that locked down, I suspect that leaked attestation keys and fake/stolen ID verification will always be a problem. There’s a lot of money to be made in this, and someone will inevitably decide not to leave that money on the table, legality be damned. This risk only goes up with manufacturing that crosses borders, and despite the push to renationalize production, it’s going to be a long time before that is feasible at a mass scale.

A small, hardly exclusive list of things we have been unable to protect through technology:

- DVD/Blu Ray/HDMI copy protection

- Windows product registration

- Device jailbreaking (manufacturers are constantly running to keep ahead of this but old versions are frequently unlocked even with iOS)

- Classified diplomatic documents

- Classified details of warfighting equipment

- Identities of federal employees (and even covert agents)

- Nuclear secrets

Technical measures aren’t always the weak point—bribery works just as well. As the US tech stack continues to decouple from China, they will also have the motivation to break our systems.


There is more money to be made selling exploits to criminals or states than selling false attestation or jailbreak to the public.

iOS jailbreak enthusiasts say it hasn't been practical for years.

Some state secrets leaked. Many did not.


Everything seems directed into making that "low cost vendor" illegal and consolidating the market into a handful of players.

And yeah, it's a politics problem, not an economic one. If corporations could simply push Trusted Computing without a corrupt police (and military) backing them, we would have been there since the 90s already.



I hope you're right. Truly.


> I don't see how remote hardware attestation avoids being spoofed

I don't disagree, but is that really a game you want to be playing with your government and your bank?


Check how Play Integrity works today (DEVICE and STRONG integrities) and how it uses a non-extractable hardware key fused into the chip or security processor. Or read the GrapheneOS attestation guide and their example code. It's un-spoofable hardware attestation.

The fact that you can make it pass in some cases using Magisk and so on is because it's spoofing an older device (launched before Android 8) without hardware-bound keys and Google is deliberately allowing that in order not to blacklist the genuine users.

However, once Google decides that the collateral damage is tolerable and those devices should no longer pass Play Integrity, then it's game over. You can't spoof any newer stuff, as you can't produce the desired signature -- only the hardware can do it and the hardware won't do it.

The only way would be if the manufacturer screwed up and it's possible to run unsigned code (or signed by a different key) and maintain a pristine bootloader, or if the hardware key leaks somehow. In either case, the key is per device so Google is always free to blacklist that device if it really wants to. (Verification of the signatures is always done off-device, through Google's servers.)
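The off-device verification this comment describes, as an added illustration that is not the commenter's code and not Play Integrity's or GrapheneOS's actual implementation: a server that only accepts a statement signed by a non-revoked device's enrolled per-device key, answering a single-use challenge, with a verified boot state. The `Attestation` layout and the `Verifier` type are assumptions constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"errors"
)

// Attestation is what the device's security processor signs. The layout is
// constructed for this example; it is not Play Integrity's real wire format.
type Attestation struct {
	DeviceID  string // identifier bound to the per-device fused key
	Nonce     string // server-issued challenge, so a captured statement cannot be replayed
	BootState string // "verified" or "tampered", as reported by the boot chain
	Sig       []byte
}

func (a Attestation) payload() []byte { return []byte(a.DeviceID + "|" + a.Nonce + "|" + a.BootState) }

// Verifier is the off-device side: enrolled per-device public keys,
// a per-device revocation list, and the challenges still outstanding.
type Verifier struct {
	Enrolled map[string]ed25519.PublicKey
	Revoked  map[string]bool
	Issued   map[string]bool
}

// Verify accepts a statement only if it was signed by the enrolled key of a
// non-revoked device, answers an outstanding challenge, and reports a verified boot.
func (v *Verifier) Verify(a Attestation) error {
	pub, ok := v.Enrolled[a.DeviceID]
	switch {
	case !ok:
		return errors.New("unknown device")
	case v.Revoked[a.DeviceID]: // per-device key, so one device can be blacklisted alone
		return errors.New("device key revoked")
	case !v.Issued[a.Nonce]:
		return errors.New("stale or unknown nonce")
	}
	delete(v.Issued, a.Nonce) // single use: replaying the same statement fails next time
	if !ed25519.Verify(pub, a.payload(), a.Sig) {
		// Without the fused private key nobody can produce this signature,
		// which is why patching the OS or the request itself does not help.
		return errors.New("signature not produced by this device's key")
	}
	if a.BootState != "verified" {
		return errors.New("boot chain reports tampering")
	}
	return nil
}
```

The device side is simply `ed25519.Sign(priv, a.payload())` executed inside the security processor; the private key never leaves it.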


Given my bank hasn't even moved on from optional SMS-based MFA yet, I expect this to start becoming a problem in maybe half a century.


If you have the right to run what you want on your machine, then they do too.

So then the problem gets moved up to why are you (or group of you) not powerful enough to negotiate being able to run what you want and either not need “them” or be important enough that “they” need you.

And the answer will come down to the fact that 90% of people don’t care about running whatever they want on their machine, and they want the cheapest, quickest, easiest solution.


> So then the problem gets moved up to why are you (or group of you) not powerful enough to negotiate being able to run what you want and either not need “them” or be important enough that “they” need you.

How tiresome.

You're right, we gotta become more powerful. Via radicalization. They seek to marginalize us. To turn us into second class citizens. To destroy free computing as we know it, destroy everything the word hacker ever stood for. If you're on this site and this doesn't radicalize you, then I don't know what to say to you.

Gotta start lobbying governments to make it a literal crime for them to discriminate against us in this manner. Just like racism.


> if you’re on this site

My brother in <deity of your choice>, you are not on a Hacker site. This site exists as the community arm of one of the most capitalistic venture capital ecosystems on the planet.

When are you all going to stop expecting HN to be what it’s not?


> My brother in <deity of your choice>

Off topic but how does this work for non-believers?

"My brother out of" ?


I mean, it's your choice. I'm not a believer myself, so I just sub... nothing, lol


Until EU forbids you to like they plan in 2027.


Please elaborate?


EU law 2014/53/EU imposes new cybersecurity requirements on device manufacturers like Samsung. They must ensure that the devices they sell in Europe block the installation of unauthorized software and only run signed and approved ROMs.



