A friend, @chloetankahhui, has been speaking up against the proposal to enforce age verification at the OS level, and the QRTs to this show the extent of naivety that a lot of people have.

No one who does hardware security believes that any system is bulletproof, but do you really think that circumventing these things will always be a simple firmware mod or hardware hack?

Let's dive in. /1

Since the late 2000s, computer chipsets have shipped with security processors like Intel Management Engine and AMD Platform Security Processor.

Part of their job is to verify that the UEFI firmware is from the computer OEM, has not been tampered with, and does not come from a 3rd party. /2

How do these security processors verify the firmware integrity?

Through a set of cryptographic keys and their hashes, which are used to verify the cryptographic signature of the UEFI firmware. These keys or hashes are *burned* into the processor and cannot be changed. /3

For now, these functions are not strictly enforced or turned on in a lot of consumer devices.

But is there anything stopping nation states from forcing hardware manufacturers and OEMs to do so?

What options do you have in such a case? /4

There have been vulnerabilities in ME and PSP, and there MAY BE a way for users to bypass these checks.

But this assumes:
- Someone out there will put in labor to circumvent these things and release it freely, even at great expense.
- A simple, user-doable hack even exists.

/5

Again, no one assumes that any system can be made 100% bulletproof. But that was never the point, was it?

The end game is for manufacturers to harden their devices against cheaper tools and raise the barrier to entry such that it costs a fortune for hackers who might even try. /6

This is why GiovanH's blog article is a must-read.

People assume that accessible hacks of invasive systems will always exist, and users hacking their devices is to be expected.

THIS SHOULDN'T BE A NORM. THIS IS AN ARMS RACE AND WE'RE OUTMATCHED. /7

https://blog.giovanh.com/blog/2025/10/14/a-hack-is-not-enough/

People who think "oh we'll just buy Chinese motherboards and chips" or "just use open source hardware"

WHO FABRICATES THE BOARDS AND CHIPS FOR OSHW? DO YOU BELIEVE STATES LIKE CHINA AREN'T INTERESTED IN SIMILAR MEASURES OF CONTROL?

This is the tech equivalent of tankie-ism.

/8

Go on, circumvent these measures & keep our tech open and free.

But know that many hackers find basic hardware hacking tools too costly and out of reach. WE'RE OUTRESOURCED.

PUSH BACK BEFORE THESE POLICIES BECOME NORMALIZED. DON'T RELY ON HACKING ALONE TO SAVE US.

/END
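The verification chain described in posts /2 and /3 (a key hash burned into the chip, a firmware image that carries its own public key and signature, a boot ROM that refuses anything the fused key did not sign) can be modelled in a few dozen lines. The block below is an added example and is not code from the thread or from Intel/AMD; it uses the Lamport one-time signature scheme (built only on SHA-256, so it runs with the Python standard library) in place of the RSA/ECDSA the real ME/PSP use, and the image layout (public key || signature || body) is constructed for the example. The three cases in `demo()` show why swapping in your own key is not a simple matter of re-signing: a re-signed image fails at the fuse check before the signature is even looked at.

```python
"""Added example (not part of the thread): minimal model of a fused-key root of trust.

Assumptions: Lamport one-time signatures stand in for the production RSA/ECDSA;
the image layout (pubkey || signature || body) is constructed for this example.
"""
import hashlib
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


N_BITS = 256               # one secret pair per bit of the SHA-256 message digest
PK_LEN = N_BITS * 2 * 32   # serialized public key: two hashes per bit
SIG_LEN = N_BITS * 32      # signature: one revealed preimage per bit


def lamport_keygen():
    """Secret key: 256 pairs of random 32-byte values. Public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N_BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def serialize_pk(pk) -> bytes:
    return b"".join(a + b for a, b in pk)


def deserialize_pk(raw: bytes):
    return [(raw[i * 64:i * 64 + 32], raw[i * 64 + 32:i * 64 + 64]) for i in range(N_BITS)]


def digest_bits(message: bytes):
    d = int.from_bytes(H(message), "big")
    return [(d >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]


def lamport_sign(sk, message: bytes) -> bytes:
    # For each digest bit reveal the matching secret; a Lamport key must never be reused.
    return b"".join(sk[i][bit] for i, bit in enumerate(digest_bits(message)))


def lamport_verify(pk, message: bytes, sig: bytes) -> bool:
    if len(sig) != SIG_LEN:
        return False
    for i, bit in enumerate(digest_bits(message)):
        if H(sig[i * 32:(i + 1) * 32]) != pk[i][bit]:
            return False
    return True


def build_image(sk, pk, body: bytes) -> bytes:
    """OEM side: firmware image = public key || signature over body || body."""
    return serialize_pk(pk) + lamport_sign(sk, body) + body


def boot_rom_verify(fused_key_hash: bytes, image: bytes) -> str:
    """Chip side. fused_key_hash is the one value nobody can change after manufacturing."""
    pk_raw = image[:PK_LEN]
    sig = image[PK_LEN:PK_LEN + SIG_LEN]
    body = image[PK_LEN + SIG_LEN:]
    # Step 1: the key shipped inside the image must hash to the fused value.
    if H(pk_raw) != fused_key_hash:
        return "reject: key hash does not match fuses"
    # Step 2: the signature must verify under that key.
    if not lamport_verify(deserialize_pk(pk_raw), body, sig):
        return "reject: signature invalid"
    return "boot"


def demo():
    oem_sk, oem_pk = lamport_keygen()
    fused = H(serialize_pk(oem_pk))   # burned at the factory, read-only afterwards
    genuine = build_image(oem_sk, oem_pk, b"UEFI firmware v1.0 (constructed body)")

    # Case 2: a single byte flipped in the body; key and signature left untouched.
    modified = bytearray(genuine)
    modified[-1] ^= 0x01

    # Case 3: a fresh key pair signs its own body and ships its own public key.
    other_sk, other_pk = lamport_keygen()
    resigned = build_image(other_sk, other_pk, b"UEFI firmware v1.0 (modified)")

    return {
        "genuine": boot_rom_verify(fused, genuine),
        "modified": boot_rom_verify(fused, bytes(modified)),
        "resigned_with_other_key": boot_rom_verify(fused, resigned),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:24s} -> {result}")
```

The order of the two checks is the whole point: the fuse comparison runs first and depends only on a hash the silicon will not let anyone rewrite, so no amount of valid signing with a key of your own gets past it. A platform that lets the owner enrol their own keys (as the PC Secure Boot contract discussed below does) has to put that choice somewhere outside the fuses, and only the vendor decides whether such a path exists.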

@sleepyowl FWIW the current "contract" for what "a PC" even is (i.e. the requirements to get WHQL certified by MS) specifically defines that it must be possible to completely disable OS verification (UEFI Secure Boot) or use the user's own keys for it, out of the box without any extra requirements.

Firmware verification on every boot (Boot Guard et al) —which has already been widely enabled in Intel-based PC laptops of the last decade— did not change that, on its own.

Of course the policies are subject to change, but I think even Microsoft themselves would be really pissed about having to change any of this due to legal bullshit.

@valpackett @sleepyowl Originally it was intended to be locked down to only boot Windows, as were the first Windows Arm machines.

The reason you can run Linux on your PC at all today without hacks is previous rounds of pushback.

@bunny pushback was definitely a part of it; also failure in the market. The 32-bit Windows RT devices were trying really hard to be iPads, but absolutely no one wanted just the walls with no garden inside.

@valpackett At the time the secure boot was initially designed Windows was still going strong. They could get away with locking down all consumer PC hardware to run only Windows (or OS X for that other part), market-wise. Write off anyone not willing to run Windows as weird, suspicious, and potentially criminal. At least in the western PC market. Not sure how well it would go in China or India. A surprising amount of non-Apple consumer hardware was running Windows that was obtained with varying degrees of legitimacy back then.

it was pushback in the form of case law. you may be too young to remember the brief moment techbros went from peddling microcomputers to their disappearance, then “smart phones”. 2 things happened: the end of TAP and passing of DMCA

“smart phone” is marketing used to circumvent case laws & regulations that gave us root access to our computers.

call smart phones microcomputers, and y’all see the techbros screeching why they CAN'T be, not why they aren't.

@valpackett @bunny

@valpackett Content of the discussion aside, “just the walls with no garden inside” is a *wonderful* turn of phrase.

@bunny @sleepyowl @valpackett this is untrue, although the precise details of *how* it was going to work took a while to figure out

@valpackett counterpoint: MS would love to have greater levels of control over what software can be installed on machines. My guess is that the reason these things are as lax as they are is because customers (particularly enterprise IT) are wary of this. Having a law would give them a convenient excuse to do what they already want to do.

@jeffcutsinger ultimately I think microsoft don't _really_ want that sort of fine-grained ironclad control at the hardware level as much as they want to lock you into platforms and services, "Windows" is just one of the er, "windows" you get pushed through into Copilot/Teams/Office. What they don't want is to let you out of the walled garden once you fall in.

There are though already very strongly locked platforms that seriously limit what you can boot (iPhoneOS, OSX) without hacks

@valpackett @sleepyowl It's hard to find a motherboard where you can both add your own keys and remove microsoft's without breaking hardware. For example, you can theoretically do both things in a Lenovo laptop but you had better verify your gpu hardware's software will boot without that microsoft key or you just bricked your laptop.

There's really no point if you can't add your own and remove the widely used one. May as well turn it off or use the shim method.

@sleepyowl we have done amazing things, we will do even better things. locks are made for keys and picks. we shouldn't rely on hacking but we can start fucking around and gain a time advantage. we need to develop good tools now so later we can use them better

@sleepyowl How does someone push back against this? (If it's covered somewhere you've linked already please let me know and I'll read it there)

@sleepyowl one of the biggest threats to humanity.

Who/what project must we support to ensure we will always have alternatives? Even alt non-PC architectures

@lutindiscret @sleepyowl It's not going to be any one project, resiliency requires redundancy. I haven't been following alt architectures closely, but Ubuntu for RISC V seems like one place to start? https://www.phoronix.com/news/Ubuntu-RISC-V-2026

@sleepyowl Hacking shit is not plan A. That makes a terrible plan A

@sleepyowl Yeah, I've wanted to do a lot of hardware hacking but even good oscilloscopes cost a fortune, not even talking about all the other stuff you need. Every time I see a video people always have expensive equipment and then go "You can do this with any cheap alternative" and sometimes you buy the one cheap thing that can't do what you want it to do because reasons.

The option to mod THAT thing can be there, but that's ALSO a lot of time and effort. Atp it's a cycle of circumventing trash that our system designed to make it not trash, and then the question becomes "What the fuck are we doing here?"

@sleepyowl While I'm all for pushing back on the policy, we should also make technical measures. Stock pre-covid era hardware. No way that states can come for all that hardware and force us to turn it in.

As for the 'performance improvements' -- software, including OS written in the past 20 years is so shitty that with a lot of optimisation work we can make it run at least a 100x faster on any existing hardware.

@sleepyowl Intel is extending BootGuard with FSP signing too (which is a blob doing all memory/silicon init magic behind the scenes) which was specifically requested by delusional vendors like AMI.

We had some heated discussions with their engineers about it because they wanted to move reset vector(!) to be owned by FSP-O before allowing actual firmware to execute (kinda like TF-A on ARM64).
Eventually everyone in the meeting went quiet and let me cook, it was a bit comical (me vs. three engineers from Intel). I suggested extending CSME with its own cache (as RAM is initialized much later) that can check the status of EFUSEs and validate FSP signatures before releasing x86 cores from reset (which is nothing new, that's also what AMD is doing with PSP and PSB) if BootGuard is enabled and the board went through EOM.

In any case, they wanted to make it mandatory in the beginning. We pushed back, which brought Intel to the negotiating table and made them change their minds. You can clearly see though that vendors don't care about openness of their platforms (unless money is involved) and the real ROT is in the hardware.
Whoever makes the SoC and board, whoever rolls cryptographic keys *truly* owns the platform (or in other words - your hardware belongs to entity burning their signing keys into the "BootROM").

Circumventing those protections is not viable, saying "I'll buy second-hand" or "I'll buy from China" is simply... delusional. If every piece of hardware were to become locked-down, you wouldn't be able to upgrade your hardware past a certain point whatsoever. Buying from China might work for now, sure... but guess what would happen if China's SoC manufacturers got equally as big as, let's say, Intel/AMD/Qualcomm?
Yep, you've guessed it - same exact thing.

@elly @sleepyowl

>but guess what would happen if China's SoC manufacturers would get equally as big as let's say, Intel/AMD/Qualcomm?

the executives would inevitably complain about state regulation, and the state's usual response for this is (for this day and age) surprisingly cathartic.

@elly @sleepyowl imo the urgent crisis rn is with Android OEMs which are walking back on the whole "OEM unlock bootloader" contract. Full control from the reset vector up was always hard to get (esp. on retail consumer devices) beyond a certain level of platform complexity, and was always a freedom-nerd niche desire. But both the PC and Android contracts included custom OS support because there's real demand for that. Evidently some vendors are still somewhat cool (Moto collab with Graphene sounds positive?) but between Xiaomi announcing straight up "no more unlock for you" and OnePlus doing weird efuse-blowing things it's the most worrying space right now x_x

We really need to build an actually compelling and desirable platform (see the Modal.cx vision) with the best FOSS components we have, with which we would be able to campaign for our requirements much better. IMO just having abstract and nerdy demands would never get wider political/regulatory/business/NGO/etc attention, while "this is the free people's digital sovereignty sustainable green repair awesomeplatform we want X Y Z requirements to be met for our future innovation to unlock freedom horizons and independent sovereign cyber security" is the best shot we can have.

@valpackett @sleepyowl If I had:
- Some free time (~3 days)
- Money
- People from countries other than France, Netherlands, Germany, Poland (need 3 more)
I would finish this and start European Citizens Initiative: https://md.sakamoto.pl/Z0qF0ZoARuOrWKuPCQYH-g#

@elly @sleepyowl @valpackett If you just need someone to sign I have also been complaining about play protect and lack of unlocking bootloaders and am an Italian citizen (though not resident in the EU)

@elly @sleepyowl @valpackett Looks like great work so far. Thumbs up

@elly @sleepyowl @valpackett is money the hardest part? How much are we talking? The 3 extra ppl sounds like it should be easy? (I know ppl who probably care about this in at least Croatia + Denmark)


I remember that ever since a few years ago I have always been thinking of making a company that would make phone SoCs (including phones with the vendor chip) and baseband chips just as good and efficient as Qualcomm or Mediatek, but 100% open source down to the baseband code, which is something that companies fear over certification and company policy, so that I could prove to the world that baseband code can be audited and not hidden behind proprietary blobs. But that will for now be an imagination and more of an alternative universe of mobile tech.

@sleepyowl "THIS SHOULDN'T BE A NORM. THIS IS AN ARMS RACE AND WE'RE OUTMATCHED"

we may be outmatched, but we're not outnumbered. don't lose hope, we can defeat this.

@sleepyowl the android world, with safetynet/play protect, is an example of this. Used to be that a tech-savvy user could bypass it with magisk. Nowadays passing attestation is impossible without someone giving you leaked keys, and since google is banning those if they become public and they are relatively hard to obtain, good luck getting your hands on them

@sleepyowl I remember telling people about the fact that in the future google can simply require hardware attestation and that we'd all be screwed, but my fears got dismissed :/

@sleepyowl

Not to mention "move elsewhere"

it unfortunately seems like _everyone_ is doing this all at once

if I was more conspiratorially minded I'd assume it was coordinated on purpose

@sleepyowl also

"We'll just buy secondhand"

what, supply is going to become a fraction of what it is now and we'll "just" buy what remains?

In this _optimistic scenario_ everything will be expensive as fuck

@pixx @sleepyowl

Get more conspiratorially minded. Fast.

Hell, just the "trusted computing" shit back in what, was that even the 21st century yet???-- made it pretty clear what big tech's goals for us were.

@pixx @sleepyowl @violetmadder Agree. When all the "Trusted Platform Module" stuff started appearing, it raised my suspicions about them wrenching ownership control away from the user to the big corps. Win 11 requiring TPM and an MS account + add OS age verification, they can basically watch everything you do.

It's totally killed my tech enthusiasm, as everything seems geared to collect data and spy on you. It's why I avoided all the IoT stuff and Alexa/Siri/Ok Google.

@pixx @sleepyowl @violetmadder (I still have an android phone, but have disabled the voice search app. But I have no faith that voice still isn't collected via the baseband.)

@sleepyowl @cwebber
"circumvent"

PS5 on 'freebsd' released 2020

*Just* got boot rom keys

So may be able to install linux distros soon, but still don't have full hypervisor access & there's execute only memory (xom) on the SoC

cors dump @ level 0 + jtag mitm *might* work to dump xom

So far no one's tried & I don't have jtag experience

Also, qualcomm qfuses preventing bootloader unlock on mobile phones

Pretty bad out here boss

Hope you have patience & enjoy waiting a decade to use anything

@sleepyowl Plus even if China wouldn't: There's no such thing as an unregulated market, so they can forbid people from buying hacker-friendly machines.

And decent computers are rather big so it's not really the kind of thing you could just contraband in easily.