Hacker News

Strict launch integrity (unlike "secure boot") depends on a customer-defined root of trust. OpenCompute (OCP) Caliptra is an effort by hyperscalers to enforce a platform root of trust with OSS firmware, mandating dual signature by server OEM and hyperscaler customer. The platform RoT is responsible for validating device firmware and OS boot.

https://www.youtube.com/watch?v=p9PlCm4tLb8&t=2764s

> Often we see.. great security.. compromised by other great ideas for mgmt and other things.. starts to weaken its security posture.. want to keep Caliptra very clean [via OSS firmware transparency]

Separately, AMD has promised OpenSIL open firmware by 2026, https://www.phoronix.com/news/AMD-openSIL-Detailed

Isolation architectures like pKVM on Android can run banking or wallet applications in a security-controlled VM, alongside arbitrary user-defined VMs. In contested environments, both security and the freedom to innovate are necessary to survive an arms race with a competent adversary.




Personally, I have more trust in open source software than anything the vendor puts on their devices. But very often either only the vendor software is allowed to run, or you have to disable secure boot to run your own software, weakening your security.

So I would like to have a process where the actual end-user and owner of the device is the root of trust, and then transfers that trust to the vendor software or to their own software if they so choose, instead of having the manufacturer, vendor or some agency be the root of trust. Of course, it can come with a sensible setup, where the vendor is already trusted, but that trust should always be revocable.

There should also be a way to remove or transfer the ownership to another person, if the device is sold.

IIUC, OpenTitan is implementing this: https://opentitan.org/book/doc/security/specs/index.html

pKVM goes in a different direction, where the software that is run does not trust the host system, which IMO is not very nice. Trust is something that goes both ways and needs to be earned; if I put trust in a piece of software and install it on my system, then I assume that the software also trusts me. If the software doesn't trust me, why should I trust it?

If there is no trust between us, then it should not run on my system but on someone else's, and let me communicate with it via a well-defined API we can both trust.
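The two comments above describe, between them, one policy model: a root of trust held by the device owner, a "sensible default" in which vendor keys are pre-trusted, revocation of that trust, transfer of ownership on sale, and (from the Caliptra comment) a dual-signature rule where both the OEM and the customer must sign before firmware boots. The Go program below is an added illustration of that model, not code from either commenter, from Caliptra, or from OpenTitan. Everything in it is an assumption made for the example: the Policy type, the "delegate:/revoke:/transfer:" message format the owner signs, the signer names "oem", "customer" and "owner", and the constructed keys and firmware bytes. It uses only Go's standard-library ed25519.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Image is a firmware payload plus detached signatures keyed by signer name (constructed data).
type Image struct {
	Payload []byte
	Sigs    map[string][]byte // signer name -> ed25519 signature over sha256(Payload)
}

// Policy is a hypothetical owner-defined root of trust: the owner key is the root, other keys are
// trusted only through an owner-signed delegation, and the owner can revoke or hand over the root.
type Policy struct {
	Owner     ed25519.PublicKey
	delegates map[string]ed25519.PublicKey
}

// authMsg is what the owner signs to authorize a change; the kind prefix stops a delegation
// signature from being replayed as a revocation or an ownership transfer.
func authMsg(kind string, body []byte) []byte { return append([]byte(kind+":"), body...) }

// authorized applies a policy change only if the current owner signed it.
func (p *Policy) authorized(kind string, body, ownerSig []byte, apply func()) error {
	if !ed25519.Verify(p.Owner, authMsg(kind, body), ownerSig) {
		return fmt.Errorf("%s not signed by current owner", kind)
	}
	apply()
	return nil
}

// Delegate lets the owner trust a vendor (or any other) key under a name.
func (p *Policy) Delegate(name string, key ed25519.PublicKey, sig []byte) error {
	return p.authorized("delegate:"+name, key, sig, func() { p.delegates[name] = key })
}

// Revoke withdraws that trust; images that depend on the key stop verifying.
func (p *Policy) Revoke(name string, sig []byte) error {
	return p.authorized("revoke", []byte(name), sig, func() { delete(p.delegates, name) })
}

// Transfer hands the root to a new owner (device sold); the old owner's delegations are dropped.
func (p *Policy) Transfer(newOwner ed25519.PublicKey, sig []byte) error {
	return p.authorized("transfer", newOwner, sig, func() { p.Owner, p.delegates = newOwner, map[string]ed25519.PublicKey{} })
}

// Verify accepts img only if every required signer is trusted (the owner or a current delegate) and
// signed the digest. Requiring "oem" and "customer" is the dual-signature rule; "owner" alone is the owner's own build.
func (p *Policy) Verify(img Image, required ...string) error {
	digest := sha256.Sum256(img.Payload)
	for _, name := range required {
		key, ok := p.delegates[name]
		if name == "owner" {
			key, ok = p.Owner, true
		}
		if !ok {
			return fmt.Errorf("signer %q is not trusted by the owner", name)
		}
		if sig, has := img.Sigs[name]; !has || !ed25519.Verify(key, digest[:], sig) {
			return fmt.Errorf("missing or invalid signature from %q", name)
		}
	}
	return nil
}

func must(err error) { if err != nil { panic(err) } }

// signImage produces the detached signature an Image carries: ed25519 over sha256(payload).
func signImage(priv ed25519.PrivateKey, payload []byte) []byte { d := sha256.Sum256(payload); return ed25519.Sign(priv, d[:]) }

// Demo walks the thread's scenario with constructed keys and images; each entry is true when the policy did what the owner intended.
func Demo() map[string]bool {
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand.Reader does not fail
	oemPub, oemPriv, _ := ed25519.GenerateKey(rand.Reader)
	custPub, custPriv, _ := ed25519.GenerateKey(rand.Reader)
	p := &Policy{Owner: ownerPub, delegates: map[string]ed25519.PublicKey{}}
	// Sensible default: the owner starts out trusting the OEM and the hyperscaler customer.
	must(p.Delegate("oem", oemPub, ed25519.Sign(ownerPriv, authMsg("delegate:oem", oemPub))))
	must(p.Delegate("customer", custPub, ed25519.Sign(ownerPriv, authMsg("delegate:customer", custPub))))
	fw, own := []byte("vendor firmware v1 (constructed)"), []byte("owner-built firmware (constructed)")
	dual := Image{fw, map[string][]byte{"oem": signImage(oemPriv, fw), "customer": signImage(custPriv, fw)}}
	oemOnly := Image{fw, map[string][]byte{"oem": dual.Sigs["oem"]}}
	ownerBuild := Image{own, map[string][]byte{"owner": signImage(ownerPriv, own)}}
	r := map[string]bool{}
	r["dual signature accepted"] = p.Verify(dual, "oem", "customer") == nil
	r["oem alone rejected"] = p.Verify(oemOnly, "oem", "customer") != nil
	r["owner build accepted"] = p.Verify(ownerBuild, "owner") == nil
	// A vendor cannot enlarge the trust set itself: a delegation signed by the OEM key is refused.
	r["forged delegation rejected"] = p.Delegate("oem2", oemPub, ed25519.Sign(oemPriv, authMsg("delegate:oem2", oemPub))) != nil
	// The owner revokes the OEM key: the same dual-signed image no longer boots.
	must(p.Revoke("oem", ed25519.Sign(ownerPriv, authMsg("revoke", []byte("oem")))))
	r["rejected after revocation"] = p.Verify(dual, "oem", "customer") != nil
	// The device is sold: the outgoing owner signs the handover and the buyer's key becomes the root.
	buyerPub, _, _ := ed25519.GenerateKey(rand.Reader)
	must(p.Transfer(buyerPub, ed25519.Sign(ownerPriv, authMsg("transfer", buyerPub))))
	r["rejected after transfer"] = p.Verify(dual, "customer") != nil
	return r
}

func main() { fmt.Println(Demo()) }
```

The point the code makes concrete is that the vendor keys are never special: they sit in the same delegation table as any key the owner adds, every change to that table needs the current owner's signature, and a transfer empties the table so the buyer inherits no trust decisions from the seller. In a real device the Policy state would live in tamper-resistant storage and the owner's signing key would be held off the device; neither is modelled here.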



