commented: So cool! I love to see remote attestation used to make 3rd parties more trustworthy instead of the usual use of making my computer less trustworthy.

commented: Can you really do that? Honest question because I feel I really must be missing something. For sure, I can use attestation to make a device I manufacture harder to impersonate/tamper with by others. Also, GitHub attestation sounds realistic and useful; they can guarantee that I cannot lie when saying a specific binary was produced by a specific set of inputs. (And reproducible builds help with that.) But how would I verify that an attested build is legit without trust in some third party or build reproducibility verification? I see many useful forms of attestation, but I'm really seeing how the article provides any benefit for most end users?

commented: You do have to trust a party - the hardware manufacturer. You also have to trust the kernel, and one or two other bits of software. These things you had to trust in any scenario. But you largely get rid of having to also trust GitHub, and Azure, and the implementors of a ton of software and entities (Nix, the hypervisor, ssh, sudo, everything running on the host, likely systemd, in the Nix case also whoever is storing the signing keys, probably also your coworkers and a lot of things running on your development machine, and who knows what else). The difference is huge.

EDIT: because of the attacks mentioned, you do still have to trust Azure or whoever owns the servers running your build to not physically tamper with them nor to allow another party to tamper with them. Also, all these claims are just about the integrity of the build itself - obviously a compromise in most of these could affect you in a variety of other ways.

commented: If I understand correctly, GitHub can prove to you that, as long as you trust they aren't messing with the hardware, they haven't done the much easier job of swapping out the software. Assuming GitHub was hacked, this would be possible for them to do accidentally as well, so you don't need as much trust in their security.

commented: This is awesome. Any chance e.g. specific implementation details will be published? Would love to experiment with this on my own.

commented: Yeah - we're still trying different ways of making this more efficient, but as soon as things stabilize I'm happy to write another blog post with details. If you use cloud providers' attestation support it's relatively easy, but that doesn't allow for the much better "VM for only the builder and nothing else" approach unless you either make images and spin up servers only after you know what you want to build (very slow) or copy the closure into machines you preprovision in a pool (still somewhat slow, and you need to enable at least some networking). Having full control of the host in dedicated hardware should be much better on most counts, but so far we found that when things work and when they don't seems to be a function of a really fragile mix of hardware, kernel, BIOS settings, firmware, and specifics of your image.