TechEcho

A tech news platform built with Next.js, providing global tech news and discussions.

© 2025 TechEcho. All rights reserved.

System Transparency: a security architecture for bare-metal servers

100 points by harporoeder over 1 year ago

5 comments

kfreds over 1 year ago

I invented System Transparency. Ask me anything. :)

In short, System Transparency aims to make the reachable state space of a remote system discoverable. If that sounds interesting to you, be sure to check out these two related projects:

Sigsum - a transparency log with distributed trust assumptions.

Tillitis TKey - an open-source hardware FPGA-based USB authenticator with a measured boot KDF.

The Sigsum project is the most mature of the three, having reached v1 just a week ago after three years of design and development. TKey is available for purchase since May, through Tillitis AB. All three projects were initially research projects, led by me, internally at Mullvad VPN. Out of the three, System Transparency is by far the most complex and ambitious. The website is quite outdated but we're working on that.
Comment #38239538 not loaded
Comment #38239570 not loaded
Comment #38240008 not loaded
rollcat over 1 year ago

I'm having a hard time swallowing remote attestation as a concept. You can prove your system *thinks* it runs the same firmware/config/OS as intended by the operator, but you're still vulnerable to a broad range of hardware/OS bugs. If e.g. your NIC firmware gets hit with an APT and quietly starts doing DMA to exfiltrate data, does the system still show green on boot? How do you even verify blobs? Yes, you can decompile, but what good does it do if you don't have the chip spec? I think IOMMU brings far more value.

And then the scary prospect where the same tech gets shoved into consumer PCs and used against the interests of the machine's owner. It's true this is useful in a corporate setting, but it's walking a thin line, one that e.g. Google would be happy to cross with something like WEI.
Comment #38239608 not loaded
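The two comments above touch the same mechanism from opposite sides: kfreds mentions a "measured boot KDF" (a key that only exists for the chain of components that was actually booted), and rollcat asks whether an attestation still shows green when something outside the measured chain, such as NIC firmware, is compromised. The toy below, added here as an illustration and not code from System Transparency, TKey or Sigsum, models a TPM-style extend register, a verifier that replays the event log against a reference allow-list, and an HMAC-based KDF keyed on the final measurement. All component blobs, the device secret and the component list are constructed for the example; the real projects' formats and key-derivation details are not modelled.

```python
import hashlib
import hmac

ZERO_REGISTER = b"\x00" * 32
MEASURED_ORDER = ("firmware", "config", "os")  # what this toy boot chain measures (assumption)


def extend(register, digest):
    """TPM-style extend: new register = SHA-256(old register || digest)."""
    return hashlib.sha256(register + digest).digest()


def measure_chain(components):
    """Measure (name, blob) pairs in boot order. Returns the final register and an event log."""
    register = ZERO_REGISTER
    log = []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        register = extend(register, digest)
        log.append((name, digest.hex()))
    return register, log


def attest(platform):
    """Produce (measurement, log) for a platform dict. Keys outside MEASURED_ORDER, such as
    'nic_firmware', never enter the register: the attestation simply cannot see them."""
    return measure_chain([(name, platform[name]) for name in MEASURED_ORDER])


def derive_app_key(device_secret, measurement, context=b"app-key"):
    """Measured-boot KDF (toy): HMAC of the final measurement under a per-device secret,
    so the key only exists for the exact chain that was booted."""
    return hmac.new(device_secret, measurement + context, hashlib.sha256).digest()


def replay_log(log):
    """Recompute the register from the event log alone, as a remote verifier would."""
    register = ZERO_REGISTER
    for _, digest_hex in log:
        register = extend(register, bytes.fromhex(digest_hex))
    return register


def verify_attestation(measurement, log, allowlist):
    """Verifier: the log must replay to the reported measurement and every entry
    must match the reference digest for that component."""
    if replay_log(log) != measurement:
        return False, "event log does not replay to reported measurement"
    for name, digest_hex in log:
        if allowlist.get(name) != digest_hex:
            return False, "unexpected measurement for " + name
    return True, "measured chain matches reference"


# Constructed sample data: not real firmware images, not a real device secret.
DEVICE_SECRET = b"constructed-per-device-secret"
REFERENCE_PLATFORM = {
    "firmware": b"constructed host firmware v1",
    "config": b"constructed boot config v1",
    "os": b"constructed OS image v1",
    "nic_firmware": b"constructed NIC firmware v1",  # present on the box, never measured
}
REFERENCE_MEASUREMENT, REFERENCE_LOG = attest(REFERENCE_PLATFORM)
ALLOWLIST = dict(REFERENCE_LOG)


def derived_key_changes_with_os():
    """A different OS image gives a different measurement and therefore a different key."""
    changed = dict(REFERENCE_PLATFORM, os=b"constructed OS image v2")
    other_measurement, _ = attest(changed)
    return derive_app_key(DEVICE_SECRET, REFERENCE_MEASUREMENT) != derive_app_key(
        DEVICE_SECRET, other_measurement)


def verifier_rejects_modified_os():
    """A change inside the measured chain is caught by the verifier."""
    changed = dict(REFERENCE_PLATFORM, os=b"constructed OS image v2")
    ok, _ = verify_attestation(*attest(changed), ALLOWLIST)
    return not ok


def verifier_cannot_see_nic_firmware():
    """Two platforms differing only in unmeasured NIC firmware attest identically and both pass."""
    changed = dict(REFERENCE_PLATFORM, nic_firmware=b"constructed NIC firmware v2")
    m_ref, log_ref = attest(REFERENCE_PLATFORM)
    m_chg, log_chg = attest(changed)
    both_pass = (verify_attestation(m_ref, log_ref, ALLOWLIST)[0]
                 and verify_attestation(m_chg, log_chg, ALLOWLIST)[0])
    return both_pass and m_ref == m_chg


if __name__ == "__main__":
    print("key bound to measured OS:", derived_key_changes_with_os())
    print("modified OS rejected by verifier:", verifier_rejects_modified_os())
    print("NIC firmware change invisible to attestation:", verifier_cannot_see_nic_firmware())
```

The third function is the point rollcat raises: the verifier's answer depends only on what the chain chose to measure, so a component left out of `MEASURED_ORDER` can change freely without affecting the result. Extending coverage to such devices, or confining them with an IOMMU so that their state matters less, is a design decision outside the attestation mechanism itself.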
withinboredom over 1 year ago
Hmm. Isn’t this what secure boot is for? What is the difference and why isn’t it on the front page?
Comment #38238819 not loaded
Comment #38239637 not loaded
goodpoint over 1 year ago
Interesting but the description is really vague.
Comment #38239510 not loaded
Comment #38240471 not loaded
m0no over 1 year ago
Too bad you used Go instead of Rust.
Comment #38241302 not loaded
Comment #38242176 not loaded