I mean for some rare specific usages it could be usefull like ensuring bank webpages integrity or similar but mostly and the main usage would be for what you said.
It doesn’t though - it basically ensures your device settings.
Is that integrity? Maybe - if the attester code is flawless and handles all situations perfectly, it could theoretically add to integrity, but that’s not a realistic outcome
It’s not designed for that. It can only block the site - it doesn’t add to security, it takes away from it.
Say a bank designs their own attester - suddenly you have code that, if compromised, is always run in the most privileged execution context, in a way the user can’t control right before you enter your bank password
I mean for some rare specific usages it could be usefull like ensuring bank webpages integrity or similar but mostly and the main usage would be for what you said.
It doesn’t though - it basically ensures your device settings.
Is that integrity? Maybe - if the attester code is flawless and handles all situations perfectly, it could theoretically add to integrity, but that’s not a realistic outcome
It’s not designed for that. It can only block the site - it doesn’t add to security, it takes away from it.
Say a bank designs their own attester - suddenly you have code that, if compromised, is always run in the most privileged execution context, in a way the user can’t control right before you enter your bank password