But that's exactly why I advocate that the hardware attestation module be separate from the computing device - so I can be in control of what and when I attest, not the vendor.

▲

edg5000 a day ago | parent [-]

Can you elaborate. Say I buy parts myself and install a fully FOSS OS on my machine. Let's say I want to access my bank, and they demand attestation. You propose I'd buy an off-the-shelf, universal attestation module of my chosing (free market). But how would that work from an implementation standpoint? How would the module help put e.g. my bank at ease?

	▲	okanat a day ago \| parent [-]
		Those actually exist. Yubikeys, Nitrokeys (complete FOSS FW) or bank-approved code generators (For Germany these exist: https://www.reiner-sct.com/tan-generatoren/) are basically that. They provide independent assessment. So regardless of the OS or the browser both parties can make secure transactions.