> to check if your device is running an unmodified windows OS
Remote attestation sounds secure in theory but its Achilles heel is that at the remote end sb will have to perform a judgement of what „an modified OS“ is. And any wrong decision will stress test that sb‘s support division and might be subject to litigation. Likely there will be some industry standard white list which itself might be subject to manipulation (similar to the compromised SSL root certificates we had years ago).
I can’t imagine this will be set in place for all available PC software.
Furthermore, attestation happens during run time of a software stack that might itself be vulnerable to exploits. An attacker might find a way to short-circuit remote attestation w/o the remote party knowing.
Remote attestation sounds secure in theory but its Achilles heel is that at the remote end sb will have to perform a judgement of what „an modified OS“ is. And any wrong decision will stress test that sb‘s support division and might be subject to litigation. Likely there will be some industry standard white list which itself might be subject to manipulation (similar to the compromised SSL root certificates we had years ago).
I can’t imagine this will be set in place for all available PC software.
Furthermore, attestation happens during run time of a software stack that might itself be vulnerable to exploits. An attacker might find a way to short-circuit remote attestation w/o the remote party knowing.
See also:
https://courses.cs.washington.edu/courses/csep590/06wi/final...
(TFA linked this, too.)