ketchalegend

Hardware Attestation: Monopoly Enabler You Should Know About

Hardware attestation is becoming a monopoly enabler via the EU Digital Wallet's requirement for Google/Apple attestation. Learn how it threatens digital sovereignty and privacy.

Hardware attestation is marketed as a security feature – proof your device hasn't been tampered with. But a viral GrapheneOS post on Mastodon reveals it's becoming a monopoly enforcement tool. The thread hit Hacker News with 748 points and 279 comments. The core issue: the European Union's Digital Identity Wallet (EUDI Wallet) requires attestation from Google or Apple, making Europe's entire digital identity ecosystem dependent on two US tech giants.

How Hardware Attestation Enables Monopoly

The GrapheneOS post argues that hardware attestation – cryptographically proving a device's hardware and software match an expected configuration – is being weaponized for vendor lock-in. The EUDI Wallet spec requires wallet apps to run on devices with platform attestation. That means Google-approved Android and Apple-approved iOS become the only practical path. The project's Platform Attestation Provider documentation lists Android Play Integrity and iOS DeviceCheck/AppAttest in its data register.

On Hacker News, commenters connected this to broader trends. One wrote:

The EU Digital (identity) Wallet EUDI requires hardware attestation by Google or Apple, effectively tying all digital EU identities to an American duopoly. Talk about digital sovereignty.

Another raised privacy: attestation packets can link actions to specific devices, even with ephemeral IDs. Without zero-knowledge proofs or blind signatures, the system is "just a show" because "you don't know what those intermediary servers are doing."

Why the HN Community Is Up in Arms

The Hacker News crowd has distrusted trusted computing since the Intel CPU serial number controversy in 1999. One commenter recalled:

In 1999, Intel received massive opposition when they decided to include a software-readable serial number in their CPUs, so much that they reversed the decision.

That opposition eroded under sustained "security" propaganda, leading to TPMs, mobile walled gardens, and Windows 11's TPM requirement. The EUDI Wallet is the latest example. The thread seethes with frustration that "protecting the children" – or in this case, "security" – justifies centralized control.

Another top comment captured the mood:

This is a really good thread on why this technology is becoming a problem for 'open' anything. The argument 'we can create our own separate web' is fine until all your services are behind the web that locks you into owning a Google-approved or Apple-approved mobile device.

The Bigger Picture: Privacy and Sovereignty at Stake

I've watched the slow creep of hardware attestation for years. The EUDI Wallet feels like a watershed. Secure enclaves and TPMs do raise the bar for remote attestation, but relying solely on platform vendors' services – Google Play Integrity and Apple DeviceCheck – creates an unassailable barrier to entry. There's no technical reason you couldn't use a third-party or decentralized attestation service. The real reason: the EUDI opted for the path of least resistance through Cupertino and Mountain View.

Then there's the privacy angle. The system doesn't use zero-knowledge proofs. Even with indirection via ephemeral IDs, attestation transits through servers that could mint permanent links. Without open audits, users must trust those logs are destroyed. History suggests that's a bad bet.

Building a Vendor-Agnostic Attestation System

If you're building anything that relies on attestation – a digital ID app, secure enclave service, or tamper-resistant record – you need to solve the monopoly problem. Relying on Google or Apple might be easiest, but it comes with strings: their approval, their fees, and their ability to cut you off. The EUDI Wallet is the first major government use case; others will follow.

One concrete alternative: support multiple attestation backends. Accept attestation from a TPM on a Linux device, or from an Intel SGX or AMD SEV enclave, not just from Android/iOS. Here's a simplified example:

# Pseudo-code for multi-backend attestation. The backend clients
# (google_play_integrity, apple_devicecheck, tpm2_attest, software_attest)
# stand in for whatever SDK or library you actually integrate.

def collect_attestation(device):
    """Pick the strongest attestation source the device can offer."""
    if device.is_android():
        return google_play_integrity.attest()
    if device.is_ios():
        return apple_devicecheck.attest()
    if device.has_tpm():
        return tpm2_attest()
    # Fallback – less secure, but open
    return software_attest()

attestation = collect_attestation(device)
# Policy, not the vendor, decides which backends count. The software
# fallback is collected but will be rejected by this allow-list.
verify(attestation, allowed_backends=["google", "apple", "tpm"])

But even this is a band-aid. We need open attestation standards and hardware anyone can validate. As another HN commenter suggested, a legal requirement that general-purpose computing devices execute their first instruction from externally replaceable storage, not mask ROM, would allow third parties to audit the boot chain and break the monopoly.
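The verifier side of the multi-backend approach sketched above, as an added example that is not code from the original post or from the EUDI project. It assumes constructed HMAC keys in place of real trust anchors (a vendor root certificate, a TPM endorsement-key chain), and it shows that which backends are accepted is a policy input, not something hard-wired to two vendors:

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Trust anchors per backend. Constructed HMAC keys stand in for what would
# really be a vendor root certificate or a TPM endorsement-key chain (assumption).
TRUST_ANCHORS = {
    "google": b"constructed-play-integrity-root",
    "apple": b"constructed-appattest-root",
    "tpm": b"constructed-tpm-ek-root",
}

@dataclass
class Evidence:
    backend: str      # which attestation service produced it
    nonce: str        # verifier-chosen challenge; binds evidence to this session
    claims: dict      # e.g. {"boot_state": "verified"}
    signature: bytes  # over (backend, nonce, claims)

def _payload(backend, nonce, claims):
    return json.dumps([backend, nonce, claims], sort_keys=True).encode()

def sign_evidence(backend, nonce, claims):
    """Simulate an attester producing evidence under its backend's anchor key."""
    sig = hmac.new(TRUST_ANCHORS[backend], _payload(backend, nonce, claims), hashlib.sha256).digest()
    return Evidence(backend, nonce, claims, sig)

def verify_evidence(evidence, expected_nonce, allowed_backends, required_claims):
    """Return (ok, reason). The allow-list is policy; any anchored backend can qualify."""
    if evidence.backend not in allowed_backends:
        return False, f"backend {evidence.backend!r} not allowed by policy"
    if not hmac.compare_digest(evidence.nonce, expected_nonce):
        return False, "nonce mismatch (stale or replayed evidence)"
    anchor = TRUST_ANCHORS.get(evidence.backend)
    if anchor is None:
        return False, "no trust anchor configured for backend"
    expected = hmac.new(anchor, _payload(evidence.backend, evidence.nonce, evidence.claims), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, evidence.signature):
        return False, "signature does not verify under backend anchor"
    for key, value in required_claims.items():
        if evidence.claims.get(key) != value:
            return False, f"claim {key}={evidence.claims.get(key)!r}, need {value!r}"
    return True, "accepted"

if __name__ == "__main__":
    ev = sign_evidence("tpm", "nonce-1", {"boot_state": "verified"})
    print(verify_evidence(ev, "nonce-1", {"google", "apple"}, {"boot_state": "verified"}))
    print(verify_evidence(ev, "nonce-1", {"google", "apple", "tpm"}, {"boot_state": "verified"}))
```

The same TPM-backed evidence is rejected under a vendor-only policy and accepted once "tpm" is on the allow-list; the nonce and claim checks are what stop replayed or downgraded evidence from passing.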

What Developers Should Do Now

If you work on sensitive apps (digital identity, payments, health records), start planning for attestation – but in a way that doesn't lock users into one platform. If you're a policy maker, be alarmed: the EUDI Wallet has become a backdoor for enforcing the duopoly. If you're a privacy-conscious user, this is another reason to be skeptical of any system requiring hardware attestation from a handful of corporations. For everyone else: ignore it until the day you need to prove who you are and your device says "not authorized."