• i_am_not_a_robot@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Actually, they are controlling your graphics driver. If you’re using a custom driver you’ll fail attestation because you have untrusted code in your kernel and/or browser process. I expect this will also fail if you’re using an old driver with known vulnerabilities that allow you to use your own device in unexpected ways.

      • maynarkh@feddit.nl
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Your TPM unit in the motherboard has more privileges than you do. It attests to the integrity of the kernel, graphics driver included, and the kernel attests to the integrity of the browser and any peripherals.