>TPM-based measured boot, combined with UEFI Secure Boot, can generate a cryptographically signed attestation ... This is not a complete solution (a sufficiently sophisticated attacker can potentially manipulate attestation)
I was not aware that attackers could potentially manipulate attestation! How could that be done? That would seemingly defeat the point of remote attestation.
See this for example:
Defeating remote attestation will be a key capability in the future. We should be able to fully own our computers without others being able to discriminate against us for it.
loading story #47384810
The comms between the motherboard and the TPM chip isn't secured, so an attacker can just do a MITM attack and substitute in the correct values.
loading story #47383935
loading story #47383735