IMO hardware-based attestation has more to do with vendor lock-in than with security.
On paper it's a good idea, actually. But in reality it does more to enforce vendor-approved software than to protect the user in case the OS gets compromised.
We should avoid depending on hardware-based trust or attestation.
https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos
#GrapheneOS #attestation #vendorLockIn #tpm #foss
=> More toots from release_candidate@bsd.cafe