
> I don't see how remote hardware attestation avoids being spoofed

Hardware cryptoprocessor. Keys are held in a tamper resistant secure element. You're not gonna get at those keys without pouring some serious resources into the task.

The keys are owned by the corporation and used to establish a root of trust from boot. If you change anything at all to suit your interests, verification fails, your machine is identified as "tampered with" and designated as untrusted.

History tells us there will always be a “low cost” vendor with exploitable hardware, or if production becomes more tightly controlled, inevitable cost cutting and declining standards will provide a way in. Not that we shouldn’t oppose locked down hardware, but locking things down creates pressure and motivation for the people who like things to be unlocked.

Your untampered device will be enrolled with a verified ID provider and they’ll be part of the attestation. The tamper-resistant hardware benefits from decades of hacking. Plus you’re not talking about things like compromising a single long-lived key or similar like you could with physical media or players.

We’ll probably get to the point where you need a verified id to buy a phone that does attestation. Tamper with it and go to jail. Who’s going to hack that?
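The flow the two comments above describe (keys that never leave a secure element, a root of trust built up from boot, a device enrolled with a provider, and verification failing if anything in the chain is changed), as an added example that is not part of this thread: a toy measured-boot and quote-verification exchange in Python. It assumes a single PCR-style register, HMAC-SHA256 standing in for the secure element's asymmetric attestation key (so "enrollment" hands the verifier the key itself rather than a vendor-certified public half), and a verifier that holds enrolled keys plus one golden PCR value. The device ID and the boot-chain strings are constructed sample data.

```python
"""Toy remote attestation: measured boot into a PCR, a quote signed by a key that
never leaves the secure element, and a verifier holding enrolled keys and a golden
PCR. Any change to a measured component changes the PCR, so the quote fails;
a party without the enrolled key cannot produce a valid quote at all."""
import hashlib
import hmac
import secrets

PCR_LEN = 32
NONCE_LEN = 32


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component)). Order matters and
    the register is never reset, so the value commits to the whole boot chain."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_chain(components) -> bytes:
    pcr = bytes(PCR_LEN)
    for c in components:
        pcr = pcr_extend(pcr, c)
    return pcr


class SecureElement:
    """Stand-in for the tamper-resistant cryptoprocessor. The attestation key is
    generated inside and only ever used to sign quotes. Assumption: HMAC-SHA256
    replaces the asymmetric signature a real device would use."""

    def __init__(self, device_id: str):
        self.device_id = device_id
        self._key = secrets.token_bytes(32)
        self.pcr = bytes(PCR_LEN)

    def measure(self, component: bytes) -> None:
        self.pcr = pcr_extend(self.pcr, component)

    def enrollment_key(self) -> bytes:
        return self._key  # toy: a real device would export a certified public key

    def quote(self, nonce: bytes):
        msg = self.device_id.encode() + nonce + self.pcr
        return msg, hmac.new(self._key, msg, "sha256").digest()


class Verifier:
    def __init__(self, golden_pcr: bytes):
        self.golden_pcr = golden_pcr
        self.enrolled = {}

    def enroll(self, device_id: str, key: bytes) -> None:
        self.enrolled[device_id] = key

    def verify(self, device_id: str, nonce: bytes, msg: bytes, sig: bytes) -> str:
        key = self.enrolled.get(device_id)
        if key is None:
            return "unknown device"
        if not hmac.compare_digest(hmac.new(key, msg, "sha256").digest(), sig):
            return "bad signature"
        did = device_id.encode()
        if msg[:len(did)] != did or msg[len(did):len(did) + NONCE_LEN] != nonce:
            return "nonce mismatch"  # replayed or cross-device quote
        if not hmac.compare_digest(msg[-PCR_LEN:], self.golden_pcr):
            return "tampered"
        return "trusted"


# Constructed sample boot chains (not real measurements).
GOOD_CHAIN = [b"bootloader 1.0", b"kernel 6.1 vendor-signed", b"rootfs policy"]
MODIFIED_CHAIN = [b"bootloader 1.0", b"kernel 6.1 patched", b"rootfs policy"]


def setup():
    verifier = Verifier(measure_chain(GOOD_CHAIN))
    se = SecureElement("device-0001")  # hypothetical device ID
    verifier.enroll(se.device_id, se.enrollment_key())
    return verifier, se


def attest(chain) -> str:
    """Boot through `chain`, answer a fresh challenge, return the verdict."""
    verifier, se = setup()
    for c in chain:
        se.measure(c)
    nonce = secrets.token_bytes(NONCE_LEN)
    msg, sig = se.quote(nonce)
    return verifier.verify(se.device_id, nonce, msg, sig)


def spoof_attempt() -> str:
    """Attacker claims the golden PCR but holds no enrolled key."""
    verifier, se = setup()
    nonce = secrets.token_bytes(NONCE_LEN)
    msg = se.device_id.encode() + nonce + verifier.golden_pcr
    forged = hmac.new(secrets.token_bytes(32), msg, "sha256").digest()
    return verifier.verify(se.device_id, nonce, msg, forged)


def replay_attempt() -> str:
    """Attacker replays a genuine old quote against a fresh challenge."""
    verifier, se = setup()
    for c in GOOD_CHAIN:
        se.measure(c)
    msg, sig = se.quote(secrets.token_bytes(NONCE_LEN))
    return verifier.verify(se.device_id, secrets.token_bytes(NONCE_LEN), msg, sig)


if __name__ == "__main__":
    for label, result in [("untampered", attest(GOOD_CHAIN)),
                          ("modified kernel", attest(MODIFIED_CHAIN)),
                          ("forged quote", spoof_attempt()),
                          ("replayed quote", replay_attempt())]:
        print(f"{label}: {result}")
```

The verifier's order of checks is the point: signature first (only the enrolled key can produce one), then nonce freshness (a captured genuine quote cannot be reused), then the PCR value against the golden measurement. Swapping the kernel string for "patched" changes every subsequent extend, so the device is reported as tampered even though the signature is perfectly valid.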


Even if things get that locked down, I suspect that leaked attestation keys and fake/stolen ID verification will always be a problem. There’s a lot of money to be made in this, and someone will inevitably decide not to leave that money on the table, legality be damned. This risk only goes up with manufacturing that crosses borders, and despite the push to renationalize production, it’s going to be a long time before that is feasible at a mass scale.

A small, hardly exclusive list of things we have been unable to protect through technology:

- DVD/Blu Ray/HDMI copy protection

- Windows product registration

- Device jailbreaking (manufacturers are constantly running to keep ahead of this but old versions are frequently unlocked even with iOS)

- Classified diplomatic documents

- Classified details of warfighting equipment

- Identities of federal employees (and even covert agents)

- Nuclear secrets

Technical measures aren’t always the weak point—bribery works just as well. As the US tech stack continues to decouple from China, they will also have the motivation to break our systems.


There is more money to be made selling exploits to criminals or states than selling false attestation or jailbreak to the public.

iOS jailbreak enthusiasts say it hasn't been practical for years.

Some state secrets leaked. Many did not.


Everything seems directed into making that "low cost vendor" illegal and consolidating the market into a handful of players.

And yeah, it's a politics problem, not an economic one. If corporations could simply push Trusted Computing without a corrupt police (and military) backing them, we would have been there since the 90s already.



I hope you're right. Truly.


