altairprime 13 hours ago

This won’t help; the SoC silicon can be revised to record each executed instruction from power-on until the secure-boot handoff opcode, with various supporting opcodes to query status-of / overflow-of / signature-for so that the OS reports pre-boot tampering implicitly as part of developing its own attestations.

grishka 13 hours ago

Then also make it illegal for the SoC to contain any cryptographic key material.

My intention with this is to make sure that if someone were to desolder the flash chip and reprogram it, they could completely own the device without the device or SoC manufacturer having a say in it or a way to prevent or detect it.

altairprime 12 hours ago

Simpler to just make discrimination by hardware or software illegal than to legislate the silicon contents. That’s what everyone is upset about, after all: websites are gaining the ability to discriminate based on hardware-software with specific fidelity they never had before. If that was made unlawful, then you’d benefit billions of existing devices as well as future ones. The hard part is making the case that this sort of discrimination is worth fighting, but the John Deere lawsuits are (indirectly) further ahead on that point than the rest of tech is, weirdly enough.

Example: I’m perfectly fine with my Touch ID sensor having a crypto-paired link to my SoC so that someone can’t swap in a malware sensor at a border checkpoint; I also don’t want my device (or websites) to be able to discriminate against me for installing my own homemade sensor. What that looks like in practice is close to what we have now, but not quite there yet — and is definitely not ‘no crypto-pairing at all’, as a ban on key material would enforce.