What I don’t understand is how does the attester check the device is not modified? Anything client side is just a matter of time until its get bypassed.
It needs integration with the TPM/secure element chip in the CPU and a device key issued by the manufacturer to sign an attestation that nothing in the software chain from kernel to browser has been modified .
These schemes tends to get regularly broken, just look at SGX
What I don’t understand is how does the attester check the device is not modified? Anything client side is just a matter of time until its get bypassed.
It needs integration with the TPM/secure element chip in the CPU and a device key issued by the manufacturer to sign an attestation that nothing in the software chain from kernel to browser has been modified .
These schemes tends to get regularly broken, just look at SGX