
I think it’s important to understand why these trends are happening if you want any hope of reversing them. It’s not just some incipient evil spreading its shadow over computing that we need to address. These technologies represent an advancement in the field, but the control of them is out of our hands.

The components you are referring to confer a clear and important benefit to devices – a secure boot chain. This is the most foolproof way we know to prevent tampering or hacking a device.

The problem is that some of these secure boot chains don’t allow being overridden by users. Many do – the Pixel series of phones, the M-series of Apple laptops, and Windows S devices all allow “turning off” or “hijacking” their secure boot chains. The further problem if you can turn off secure boot is that these pieces of hardware often can’t then be turned back on with a different secure boot chain – say, one based on open source software. Debian and NixOS and other OSes already have zero-trust ways of verifying the integrity of their software using reproducible builds, but they can’t go the step further and have the hardware it is installed on do the same verification with some sort of signature.

GrapheneOS has figured out how to do this, and it leverages the secure boot chain of the Pixel device. It is very cool and I think a nice symbiosis between the hardware and open source software: https://grapheneos.org/build#generating-release-signing-keys

The next and more problematic part of what these technologies provide is integrity, which is the guarantee that on top of the boot being secure, the software being run is from the manufacturer and it behaves as the manufacturer intends. A lot of functionality currently relies on this guarantee of integrity: anti-cheat software, DRM software (Widevine, HDCP), transit cards, credit cards, driver’s licenses, etc. The technology manufacturers aren’t building this software because they want to, but because they have to. The Original Sin for the iPhone was carriers: at the time in 2008 they were really worried about unlocking and tethering, and the prank of the day was to put a flashlight app into the App Store that allowed tethering via a proxy. Rights holders, carriers, game manufacturers, etc all pressure tech companies to use integrity to solve their problems.

Many of these solutions have alternatives that don’t require OS integrity: if the government issues signed digital IDs, for example, then it wouldn’t matter what software is running on the phone. Some are tough and don’t have alternatives, like anti-cheat and DRM. DRM in particular is a complex US legal issue: anti-circumvention is straight up breaking the law. No solution would be comprehensive without changing the law.

Progress has been made, though! The fact that we have figured out ways of unlocking boot chains in a way that is acceptable to all of the large companies is awesome. Apple does it by being able to guarantee other secure boot chains on the device remain intact, and Google does it by ensuring the device is wiped. This took real engineering effort to do.

It’s important to push these companies to go further. An M1 iPad is almost identical to an M1 MacBook in hardware, and yet Apple only allows the latter to run Linux.

The comment is already a blog post, but another big problem is that these tools are great for anti-competitive purposes… which the government is increasingly taking a look at.
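The "chain" in a secure boot chain, and why a self-built OS cannot simply be "turned back on" under an OEM root, is easier to see in code. The following is an added model (not code from the comment above, GrapheneOS, or any vendor): each stage is signed and delegates trust to the next stage's key by digest, the hardware anchors only a digest of the root key, and an optional user-enrolled key slot (in the spirit of the Pixel custom-key mechanism GrapheneOS uses) lets a user-signed OS verify without replacing the OEM-signed bootloader. All keys and image bytes are constructed stand-ins.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// One stage of a verified boot chain: image bytes, the public key vouching for
// them, and an ed25519 signature over the bytes.
type SignedImage struct{ Payload, Sig []byte; PubKey ed25519.PublicKey }

// What a root of trust actually stores (fused at the factory, or written to a
// custom-key slot after an unlock): a digest of the trusted public key.
func keyHash(pub ed25519.PublicKey) [32]byte { return sha256.Sum256(pub) }

// Sign appends the digest of the key allowed to sign the NEXT stage to the body,
// then signs it, so each stage delegates trust to the one after it.
func Sign(priv ed25519.PrivateKey, body []byte, next ed25519.PublicKey) SignedImage {
	h := keyHash(next)
	payload := append(append([]byte{}, body...), h[:]...)
	return SignedImage{payload, ed25519.Sign(priv, payload), priv.Public().(ed25519.PublicKey)}
}

// VerifyChain walks the chain from the fused root digest. If customOS is set (a
// user-enrolled key slot), the stage after the bootloader is checked against it
// instead of the delegated digest. Returns the first failing stage index, or -1.
func VerifyChain(root [32]byte, customOS *[32]byte, chain []SignedImage) int {
	expected := root
	for i, img := range chain {
		if keyHash(img.PubKey) != expected || len(img.Payload) < 32 ||
			!ed25519.Verify(img.PubKey, img.Payload, img.Sig) {
			return i
		}
		copy(expected[:], img.Payload[len(img.Payload)-32:]) // delegated key digest
		if i == 0 && customOS != nil {
			expected = *customOS
		}
	}
	return -1
}

// Scenarios: stock OS; self-built OS with no key enrolled; same OS once enrolled.
func Scenarios() (stock, userNoEnroll, userEnrolled int) {
	oemPub, oemPriv, _ := ed25519.GenerateKey(rand.Reader)   // constructed stand-in for the OEM root key
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed stand-in for a user's signing key
	bl := Sign(oemPriv, []byte("bootloader"), oemPub)        // OEM bootloader delegates to the OEM key
	stockOS := Sign(oemPriv, []byte("stock OS"), nil)
	userOS := Sign(userPriv, []byte("self-built OS"), nil)
	userRoot := keyHash(userPub)
	stock = VerifyChain(keyHash(oemPub), nil, []SignedImage{bl, stockOS})
	userNoEnroll = VerifyChain(keyHash(oemPub), nil, []SignedImage{bl, userOS})
	userEnrolled = VerifyChain(keyHash(oemPub), &userRoot, []SignedImage{bl, userOS})
	return
}
```

Without the enrolled slot the user OS fails at stage 1 (the OS image) even though the bootloader verified, which is exactly the "can't turn it back on with a different chain" problem; with the slot set, the same image passes under the unchanged OEM bootloader.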




> I think it’s important to understand why these trends are happening if you want any hope of reversing them.

Why? Because we let it happen. We keep buying these things that have this function as a feature. The answer is simple but it demands dedication and resilience.

Simply stop buying them and using them. Yes, a boycott. There is no other answer because they are making a ton of money doing things this way and the only way they will stop is if we stop making it profitable for them.


You need across-the-board regulation, things like right-to-inspect-and-repair rules written into law, enforceable by independent parties via civil lawsuits in law courts - and that's because the entities involved have monopoly/monopsony power in the markets.

At some point, it's like telling people who don't want to drink dirty water that they should boycott their one and only water provider.


Boycotting doesn't work. It never does, it never did. Neither in tech nor anywhere else.

Maybe there would've been a chance if it was easy to prove that for every TPM chip they have to manufacture, they need to kill a small kitten. Or, if computing hardware was a commodity like a laundry detergent, so you could just choose an alternative that has near-identical specs, near-identical design and near-identical price, but comes without that one feature you don't want.

The companies don't care what you think, because this is a supplier-driven market. As a consumer, you can only choose out of what's available on the market. There's only so many players; barriers to entry are high, and they corrupt those who scale them[0]. They're going to keep making money and keep telling you what to buy, because they know you have no other choice.

----

[0] - You need a lot of up-front capital to start a hardware or software business. You're not going to pay for it out of your own pocket. The kind of people that will happily lend you money? They're the ones that will make sure your product fucks end-users over in every way possible, because they want to maximize returns on their investment. So even if you started wanting to do good, you're unlikely to be still doing it if you succeed.


Boycotting is not a practical solution for so many reasons for so much of the technology we use every day.

It represents a black-and-white way of thinking about the problem when the entire point I am trying to make is that everything is gray and if you work in technology you need to understand the different shades of gray better.


> The further problem if you can turn off secure boot is that these pieces of hardware often can’t then be turned back on with a different secure boot chain – say, one based on open source software.

Is your statement meant to be inclusive of, say, all laptops? I was under the impression that one can set up a machine to boot using personal keys rather than Microsoft keys: https://www.dannyvanheumen.nl/post/secure-boot-in-fedora/


I don't consider UEFI Secure Boot to be on the same level as these other secure boot technologies because it doesn't help in the face of physical access to the machine.

The process of being able to use your own keys is certainly cool, but it is less impressive if anyone with physical access to the machine can also do that.



