In a way, this is a nice balance for everyone (:P / /s / I'm sorry to say). Corporate interests get "good effort" security, almost something you could legally distinguish and prosecute for bypassing. And hobbyist users get repeatable workarounds.

It's impressive in attempted scope. I imagine this doesn't affect Google's Chromebook boot chain. It's really hard to coordinate across vendors.

For someone doing related work in the open (and least remarkably in the open), Oxide Computer told some stories about the difficulty of bring-up of a new motherboard, and mentioned a lot of gotcha details and hack solutions for managing their AMD chip.

They talked about their bring-up sequence, boot chain verification on their motherboard, and designing / creating / verifying their hardware root of trust.

I heard mention of this on a podcast recently, trying to find the reference. I'm pretty sure it was [S3]:

- "Tales from the Bringup Lab" https://lnns.co/FBf5oLpyHK3

- or "More Tales from the Bringup Lab" https://lnns.co/LQur_ToJX9m

But I found again these interesting things worth sharing on that search.

- https://oxide.computer/blog/hubris-and-humility, see https://github.com/oxidecomputer/hubris as some of their key enabling software/firmware, custom written; tradeoffs discussed in the podcast.

- Search 1 [S1], Trammell Hudson ep mentioning firmware (Chromebook-related, IIRC): https://lnns.co/pystdPm0QvG

- Search 2 [S2], Security, Cryptography, Whatever podcast episode mentioning Oxide and roots of trust or similar: https://lnns.co/VnyTvdhBiGC

Search links:

[S1]: https://www.listennotes.com/search/?q=oxide+tpm

[S2]: https://www.listennotes.com/search/?q=oxide%20and%20friends%...

[S3]: https://www.listennotes.com/search/?q=oxide%20and%20friends%...