undefined | Better HN

0 pointspoettering8y ago0 comments

trusted boot and TPMs with remote attestation exist precisely to ensure that physical access does not mean game over. It's all there, people just need to make use of it in their systems. And yes, trusted boot and TPM has issues, but without all this the attack surface is massive, and I think needlessly so.

0 comments

thinkMOAR8y ago

(trusted boot and TPM are afaik already compromised albeit you need to bring a near rocket scientist)

I will always think physical access is game over whatever 'rocket science' or re-invented old principles people come up with software wise and i'm not sure, but hardware probably too but software is easier to mangle.

And indeed yes, security is layers, layers that make it more difficult, and having many options for layers to choose from that is great.

Also didn't hear about OStree before really, reading up on both for some future project.

j / k navigate · click thread line to collapse

0 pointspoettering8y ago0 comments

0 comments

thinkMOAR8y ago

(trusted boot and TPM are afaik already compromised albeit you need to bring a near rocket scientist)

And indeed yes, security is layers, layers that make it more difficult, and having many options for layers to choose from that is great.

Also didn't hear about OStree before really, reading up on both for some future project.

j / k navigate · click thread line to collapse