[conspire] (forw) Re: [Felton LUG] Oh boy, this doesn't look good...

[Rick Moen]

Quoting Tony Godshall (tony at of.net):

> Exactly.  I understand the desire for the former, but realistically
> it's mostly been used for tivoization or windows-only-ization.

Of course.  But the world is fully of potentially useful techniques that
are mostly put to undesirable uses.

If I were given a method to enforce a fully crypto-verified boot chain
where I control the signing, where the tools are reasonably designed,
and where I can opt to switch to an unsigned boot chain any time I want,
I'd be glad to have that, as one more part of my system I know has not
been fooled with, without my leave.

Similarly, if there were hardware write-protection for storage devices
(hard drives, SSDs, flash drives), like the write-protect jumper on old
SCSI drives, that would be a useful tool.  The advantage is analogous.
OTOH, hardware-level write-protection not under the owner's control
(but rather, say, that of a hardware vendor or a software company) would
be quite bad.  Again, analogous.