지지 ᚠᚱᛖᛃᚨ Daniel 黄法官 CyReVolt3d ago

What if #firmware gave you an interface to manage access tokens, just like OAuth?

For the owner, have some password/PIN/key (think WebAuthn or similar) mechanism.

There be an authenticated (!) API for the OS to provision/reconfigure.

On first boot, possibly offer a TOFU based scheme; i.e., the OS gets an initial token, and the end user can export it, use it to set a different trust anchor, have the OS signed and store its keys, etc..

It's really not easy, but definitely possible, right?

Show thread지지 ᚠᚱᛖᛃᚨ Daniel 黄法官 CyReVolt

cross ref for discussion/notes

https://github.com/platform-system-interface/psi-spec/issues/45

ownership and security · Issue #45 · platform-system-interface/psi-spec

Create an interface to manage access tokens, just like OAuth. For the owner, have some password/PIN/key (think WebAuthn or similar) mechanism. There be an authenticated (!) API for the OS to provis...

GitHub
Apr 8 at 9:46amWeb