The video is a short documentary on Trusted Computing and what it means to us, the users.

If you like it and you are worried, please show it to others.
If you are not the kind to post on forums, adding it to your Bio on Lemmy and other sites, in your messaging app, or in your email/forum signature may also be a way to raise awareness.

  • PenguinTD@lemmy.ca
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    I wish there is a version the gives more details on which party actually gets to decide what is considered “trusted” and the process of making your device “trusted”. And what is this related to the TPM on bios?

    • ReversalHatchery@beehaw.orgOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I think that the party is kind of distributed. If I’m not mistaken, the manufacturer of your device decides what they consider “trusted”, and they can certify the integrity of your hardware. On top of that, the operating system you use will take this as a base, and adds its own verification to it, to certify that the inetgrity of the OS has not been broken. And on top of that comes the web browser or some other software that verifies if it has been modified, and can certify if it feels ok. And then, when you use a service that wants to check if you run an “approved” environment, they will see the whole chain of verification, and they can decide if they dont trust someone in the chain. Like, if they dont trust that Firefox (assuming it implements WEI, which would be hugely disappointing) certifies its integrity honestly, or that they dont trust that your Linux kernel is honest, or if they dont trust that your System76 (or whatever) motherboard (and other hardware devices) dont lie or do cerification incorrectly, then they just simply deny you access.

      And the process if making your device “trusted” probably consists of a) using “approved” software and hardware b) getting the providers of your services to accept the software and hardware you use as trustworthy

      > And what is this related to the TPM on bios?

      The TPM is the secure element that makes authentic (believable) attestation (verification that it is what is says) possible. One of its important properties is that software you run can add their private keys to it, after which point they cannot be retrieved anymore, but still can be used, e.g. for cryptocgraphically signing data. The TPM may also store some keys permanently that were added in the factory, which it can use to sign data that verifies that it is this and that hardware device, and “feels ok”, as in it hasnt detected that it would have been tampered with.