
You're not wrong, but unfortunately those of us on the side of free software aren't the ones driving most technology decisions. This technology already exists, and if people want to use it to lock us out of our own hardware, they can already use it to do so. Right now we're partially saved by remote attestation on x86 systems just being too complicated (and, basically, too privacy violating) to be deployed in a way that could be used against users, but this is basically what things like SafetyNet on Android are doing right now.

When the proprietary software industry is already using technology, I don't think we benefit by refusing to touch it ourselves. We can use this tech to lock down devices that are better off locked down, and where we're not violating user freedom in the process. We can use this to make it harder for activists to have their machines seized and compromised in a way they can't detect. Refusing to do the good things isn't going to slow down the spread of the bad things.



I am completely against any form of this technology, just like DRM, because it breaks the concept of physical ownership.

>We can use this to make it harder for activists to have their machines seized and compromised in a way they can't detect.

This argument is often made and I hate it because it advocates destroying the freedom of many just for the needs of a tiny minority --- and if a nation-state is going after you, it's pretty much game over unless you can create your own hardware.

>Refusing to do the good things isn't going to slow down the spread of the bad things.

Maybe to you it's a good thing, but to many of us, that is the equivalent of giving Big Tech the noose and saying "don't put it around my neck!" (The saddest part is how many will happily work in these noose-factories, either oblivious to or convinced that what they're doing is "good".)


>it breaks the concept of physical ownership.

Am I missing something? This seems to be incorrect: this is explicitly a case where you, the hardware owner, control the signing keys. It's nothing like DRM, which is a case where an outside person controls the keys.


The problem is that now that this exists and is easy to set up, it's easy for the manufacturer to make a device where they're in control of the keys forever instead of the eventual owner gaining control.


So don't buy that device? Those devices already exist, that doesn't prevent you from buying other devices where you control the keys. If manufacturing an unlocked device becomes unprofitable and stops happening everywhere, then we can talk about what to do, but I don't think the existence of secure boot on Linux is going to make much of a difference either way.


>If manufacturing an unlocked device becomes unprofitable and stops happening everywhere, then we can talk about what to do, but I don't think the existence of secure boot on Linux is going to make much of a difference either way.

You mean... the last decade or so? Pretty much mobile, period, sans the Librem 5 and I think maybe one other? Anything with an ARM chip that'll run Windows must be secure booted and signed by Microsoft.

Or how about Nvidia(mostly)/AMD(to a lesser degree) video cards, where the entertainment industry increasingly relies on cryptographic attestation to constrain what people can do with hardware they bought? There is no "fully unlocked" buying option, and trying to divest yourself of Nvidia is impossible while being able to use your card to the fullest.

Or John Deere with their crippled hardware as a service model?

I'm all with charging for convenience. That's a value add. I'm not cool with intentional crippling, and extortionate practices whereby the manufacturer maintains ultimate control after first sale either legally or practically through privileged access to signing keys.


So.... don't buy those devices? I have a PinePhone myself, I don't really use GPGPU, and all the farmers I know buy tractors from other companies.


It's a race to the bottom - or the top depending on how you look at it. Unless right to repair laws cripple their attempts, companies like John Deere will be able to use their lock in to wring ever more revenue out of their customers. That extra revenue, even if marginal in the grand scheme of things, will drive improvements in their hardware and software that competitors will have to match, most often by implementing the same tactics as John Deere (why not, when JD has already proved them? an MBA will say). Agriculture is already an industry forever on the razor's edge so any short term competitive advantage in yield or even up front capital cost will rapidly outweigh any medium to long term maintenance issue for farmers that live from loan to loan.

Just look at how fast the industry flipped over from dumb TVs to smart TVs, a similarly competitive and low margin market. I haven't been able to find a dumb TV at a big box store in years and the only options left are for commercial signage displays that command a large premium - largely made by the same brands that make the smart TVs.

I have a PinePhone myself but Android and iOS have already sucked all the oxygen out of the room - it's still nowhere near ready to be a daily driver and it's a decade plus late to the party. I got a small open source 3G cell tower for development years before the PinePhone even hit the drawing board.


That's just making their argument for them. What is the argument in favor of them making unlocked devices? Can it be done while increasing their profits?


More and more services require Android/iOS, either with Google services, or they even detect and block users with rooted devices/custom firmware such as LineageOS (for example Revolut). So far, one can go without them, with some inconvenience, but it's getting progressively worse.


There's some startup (maybe a Y Combinator one) that "provides online meeting places for apartment communities." The managers of the building I live in have been pushing it pretty hard. I went to join it the other month because it's always good to socialize some.

Absolutely no web presence outside of (essentially) a brochure and email complaint form. I thought about complaining but I really don't care enough.


Sorry, but the future of computing is secure attestation of everything the CPU runs -- from the boot firmware to end-user applications. In the open source world we have two options -- we can either get on board with this or we can fight it and lose.


Development work is expensive. A cheap turnkey way of building a locked-down, remote-attesting distribution is going to make the bad things cheaper and more common. I'm sure proprietary developers would get there eventually, but this is one class of software where I think publishing a stable, bug-free implementation that anyone can use does more harm than good.


It's been already done many times. You can lock down your own machine from scratch in a couple of days with no prior knowledge. There's really nothing to hide and all elements of it are useful in their own right.


How? You can use this to secure your own devices from tampering. Lots of (cheap) devices are already locked down like this, would it really help to deprive yourself of the capability to secure your own devices too?


Many people want contradictory things and loudly ignore the contradictions.


I personally don't dislike the concepts of trusted computing. As much as I love to tinker with things, the last thing I want is some data appliance being remotely exploitable.

I think all the devices that provide more security by being heavily locked down should basically have a tinker switch. If you really want to write your own firmware for your phone or your dishwasher, flip it to tinker mode, which locks you (maybe permanently) out of the software it shipped with and lets you flash whatever on to it. The manufacturer gets to waive all responsibility for your safety (digital, physical, etc.) from that point onward.

Bonus points if it just blows away the keys to the onboard software so you can use the security mechanisms for your own code.
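The two mechanisms argued over in this thread (the owner holding the signing keys, and a "tinker switch" that erases the vendor's keys so the same secure-boot and attestation machinery protects the owner's own code) can be modelled in a few dozen lines. The following is an added example, not code from any commenter or from any real device's boot ROM: it uses HMAC-SHA256 as a stand-in for the asymmetric boot signatures and the TPM quote a real device would use, and all keys, image contents and the `BootRom` class are constructed for the demo. It shows a stock device refusing an owner-signed image, the switch flipping trust to the owner's key, and an owner-run attestation check that still detects a tampered image if one ever runs, which is the "compromised in a way they can't detect" case from earlier in the thread.

```python
import hashlib
import hmac

# Constructed demo keys and images; HMAC-SHA256 stands in for the asymmetric
# boot signatures (and the TPM quote) a real device would use.
VENDOR_KEY = b"vendor-demo-key"
OWNER_KEY = b"owner-demo-key"
ATTEST_KEY = b"attest-demo-key"        # would live in a TPM / secure element
VENDOR_FIRMWARE = b"vendor firmware v1.0"
OWNER_FIRMWARE = b"owner firmware build 1"
TAMPERED_FIRMWARE = b"owner firmware build 1 + implant"


def sign(key: bytes, image: bytes) -> bytes:
    return hmac.new(key, image, hashlib.sha256).digest()


class BootRom:
    """Immutable first-stage loader: verifies each stage and measures it."""

    def __init__(self, vendor_key: bytes):
        self.trusted_keys = {"vendor": vendor_key}
        self.tinker_mode = False
        self.reset()

    def reset(self) -> None:
        self.pcr = bytes(32)        # measurement register, zero at power-on
        self.event_log = []         # (stage, sha256 hex) for every loaded stage

    def flip_tinker_switch(self, owner_key: bytes) -> None:
        """Wipe the vendor keys and enroll the owner's; one-way in this model."""
        self.trusted_keys = {"owner": owner_key}
        self.tinker_mode = True
        self.reset()

    def _measure(self, stage: str, image: bytes) -> None:
        digest = hashlib.sha256(image).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()   # TPM-style extend
        self.event_log.append((stage, digest.hex()))

    def verify_and_load(self, stage: str, image: bytes, signature: bytes) -> str:
        """Verified boot: refuse anything not signed by an enrolled key."""
        for name, key in self.trusted_keys.items():
            if hmac.compare_digest(sign(key, image), signature):
                self._measure(stage, image)
                return name
        raise PermissionError(f"{stage}: signature matches no enrolled key")

    def load_measured_only(self, stage: str, image: bytes) -> None:
        """Measured boot without enforcement: the stage runs but leaves a record."""
        self._measure(stage, image)

    def quote(self, nonce: bytes) -> bytes:
        """Attestation quote over a verifier-supplied nonce and the current PCR."""
        return hmac.new(ATTEST_KEY, nonce + self.pcr, hashlib.sha256).digest()


def golden_pcr(images) -> bytes:
    """What the PCR must equal after booting exactly these images in order."""
    pcr = bytes(32)
    for image in images:
        pcr = hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()
    return pcr


def verify_quote(quote: bytes, nonce: bytes, golden: bytes) -> bool:
    expected = hmac.new(ATTEST_KEY, nonce + golden, hashlib.sha256).digest()
    return hmac.compare_digest(quote, expected)


def try_boot(rom: BootRom, image: bytes, key: bytes) -> str:
    try:
        return rom.verify_and_load("firmware", image, sign(key, image))
    except PermissionError:
        return "refused"


def demo() -> dict:
    results = {}
    rom = BootRom(VENDOR_KEY)
    # Stock device: only the vendor's key is trusted.
    results["stock_vendor"] = try_boot(rom, VENDOR_FIRMWARE, VENDOR_KEY)
    rom.reset()
    results["stock_owner"] = try_boot(rom, OWNER_FIRMWARE, OWNER_KEY)
    # Owner flips the switch: vendor image now refused, owner's own build boots.
    rom.flip_tinker_switch(OWNER_KEY)
    results["tinker_vendor"] = try_boot(rom, VENDOR_FIRMWARE, VENDOR_KEY)
    rom.reset()
    results["tinker_owner"] = try_boot(rom, OWNER_FIRMWARE, OWNER_KEY)
    # Owner-run attestation: the quote matches the golden value for the owner build...
    nonce = b"verifier-nonce-001"
    golden = golden_pcr([OWNER_FIRMWARE])
    results["attest_clean"] = verify_quote(rom.quote(nonce), nonce, golden)
    # ...but a tampered image that somehow ran is still caught by the measurement.
    rom.reset()
    rom.load_measured_only("firmware", TAMPERED_FIRMWARE)
    results["attest_tampered"] = verify_quote(rom.quote(nonce), nonce, golden)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16} {value}")
```

The point of the last two steps is the one the thread keeps circling: verified boot and measured boot are separate properties. Enforcement (refusing to run unsigned code) is what can be turned against an owner; measurement plus a quote checked against the owner's own golden values is what lets the owner notice that a seized device booted something other than what they built, and who holds the enrolled key decides which of the two is serving whom.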


That's still very consumer-hostile. How am I supposed to write a replacement firmware for my dishwasher if I have to brick it first? I have dishes to wash! I'm not gonna buy a second dishwasher for development purposes. Why can't I test it against the native firmware?

(And by the way - remotely exploitable dishwashers? What the heck is the world coming to?)


I was just thinking of the extremely litigation-happy culture in the US. We literally have thousands of highway signs in cities saying that if you were in an accident, call us and we'll sue the person who rear-ended you.

All I imagine is someone running their own firmware on an appliance, doing some unseen damage, and then reverting to the onboard firmware and getting hurt. It would be a field day for lawyers.

I completely agree that this sucks and it's the same reason robotics has proceeded at a snail's pace. God forbid making a Roomba with a more powerful vacuum, what if it ran over someone's toe.


Yes, and you only need this at the root hypervisor level, once peripherals can be abstracted in a new way (maybe DMA at a different privilege level, certain hardware features would be required).

I am not super mad if I have to run my custom kernel in a VM. It substantially reduces the surface area exposed.


Heh, SafetyNet is consistently fooled by Magisk's hide-root option, so is it really doing that?


Yeah, on devices without hardware attestation. Which is now the new normal on all phones sold. When the software route inevitably gets disabled and you can no longer fool Google into believing you don't have hardware attestation, you are done for good.



