SirNickity wrote: I wasn't talking about older OSes.
...
So I fear we're heading down a path where even "trusted" OSes can't be trusted unless it's a recent, updated, and known "safe" revision which was Secure Booted and has verified untouched signatures of all executable code, and there are no "rogue" applications installed.
Sounds like you are...
SirNickity wrote: the days of the open platform are numbered, if not already dead.
... for certain applications, yet.
SirNickity wrote: Sometimes I feel the only solution to this is to stand up a parallel industry, where the software AND hardware is open.
It's already (mostly?) there: Linux. Problem is, not enough people care about it, so it never really gets anywhere, aside from server and embedded applications.
It wouldn't be without its problems, but it sure would be nice to have the freedom. Maybe some day, with all the hobby FPGA designs, such a platform could exist, and eventually become prolific enough that it could not be ignored. Probably a dream, but it's nice to have something to aspire to.
SirNickity wrote: This solution, of "signed code," is at its core an anti-consumer move.
I don't think it is.
For most consumers, a computer, with all its hard- and software is just a black box. They just want stuff to work. They aren't interested in modifying any code or installing any unsigned OSes, drivers, applications or whatever.
And for these people, signed code is actually a good thing, as it reduces the chance of malware tampering with their systems.
SirNickity wrote: But that architecture of this system is such that, tomorrow is not a guarantee.
How is that different from... oh, every other piece of hardware and software ever?
You never get any guarantees. Heck, I grew up with a ZX81, C64 and then an Amiga. Apparently none of them made it.
Likewise, my first PC used DOS. While I can technically still run DOS, it hasn't been supported by any modern hardware or software in decades.
There just are no guarantees.
No vendor is going to care about anything other than what makes them money. That gives you only the guarantee that whatever you buy now, will be supported by the OS/software 'du jour' for a few years, until it's time to upgrade again.
SirNickity wrote: That would have been a suitable alternative to Secure Boot.
Well no, because there's no way of knowing that your initial installation of the OS has not been tampered with, unless it was signed by a proper authority.
And before you say "That won't happen", it has. There are various cases of hardware that came with infected firmware from the factory, including phones and HDDs.
So basically as soon as you turned them on, you were infected, and it started infecting anything it came into contact with.
SirNickity wrote: Why do you think that solution wasn't chosen? I have my suspicions.
I think an analogy with something like MD5 hashes is better:
You download something, and you can check the MD5 hash from the site that you downloaded from, to verify that your download is correct.
Obviously that wouldn't work with the SSH analogy you presented: You download something, then generate an MD5 hash and 'assume' it's correct. You have no way of knowing.
The whole point is that you already know the MD5 hash before you downloaded it.
That's how Secure Boot works as well.
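To make the "known hash beforehand" versus "hash generated afterwards" distinction from the post concrete, here is an added example (not code from the post or from any Secure Boot implementation). It models both verification styles over two constructed boot images: a check against a digest published (or burned into firmware) before the image is ever seen, and an SSH-style trust-on-first-use check that records whatever it sees first. It uses SHA-256 rather than the MD5 of the analogy, since MD5 collisions are cheap enough that an attacker can craft a matching implant; real Secure Boot verifies signatures against keys provisioned in the firmware rather than a bare hash, but the trust-establishment point is the same. All image bytes and function names are made up for the example.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample boot images standing in for a downloaded installer or a
# firmware blob. The bytes are made up for this example.
CLEAN_IMAGE = b"bootloader v1.0: load kernel, check it, jump"
INFECTED_IMAGE = CLEAN_IMAGE + b"\x90\x90 + implant that survives reinstall"


def digest(image: bytes) -> str:
    """Hash the image. SHA-256 instead of MD5: MD5 collisions are cheap, so an
    attacker could craft an implant whose MD5 matches the published value."""
    return hashlib.sha256(image).hexdigest()


# The reference value the download site publishes, or that the platform
# firmware carries in ROM, is fixed BEFORE the user ever sees the image.
PUBLISHED_DIGEST = digest(CLEAN_IMAGE)


def verify_against_published(image: bytes, published: str) -> bool:
    """Secure-Boot-style check: compare against a value known in advance.
    A tampered image cannot bring its own 'correct' hash along with it."""
    return hmac.compare_digest(digest(image), published)


class TrustOnFirstUse:
    """SSH-style check: the first image seen becomes the reference.
    It notices later changes, but has no opinion about that first image."""

    def __init__(self) -> None:
        self.reference: Optional[str] = None

    def check(self, image: bytes) -> bool:
        seen = digest(image)
        if self.reference is None:
            self.reference = seen  # nothing to compare with yet: accept blindly
            return True
        return hmac.compare_digest(seen, self.reference)


def factory_infected_device() -> dict:
    """Device infected before first power-on (the HDD/phone cases in the post).
    Returns what each verification model concludes at first boot."""
    tofu = TrustOnFirstUse()
    return {
        "published_hash_accepts": verify_against_published(INFECTED_IMAGE, PUBLISHED_DIGEST),
        "tofu_accepts": tofu.check(INFECTED_IMAGE),
    }


def tampered_after_first_boot() -> dict:
    """Device that shipped clean, then had its image replaced later."""
    tofu = TrustOnFirstUse()
    tofu.check(CLEAN_IMAGE)  # first boot establishes the TOFU reference
    return {
        "published_hash_accepts": verify_against_published(INFECTED_IMAGE, PUBLISHED_DIGEST),
        "tofu_accepts": tofu.check(INFECTED_IMAGE),
    }


if __name__ == "__main__":
    print("infected from factory:", factory_infected_device())
    print("tampered after first boot:", tampered_after_first_boot())
```

The factory-infected case is the one that matters for the argument: trust-on-first-use happily records the infected image as its reference and keeps accepting it on every subsequent boot, while the check against a digest fixed in advance rejects it on the very first boot. Both models catch the "shipped clean, tampered later" case, which is why TOFU looks adequate until you ask where the first reference came from.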