> It'll be trivial to work around for anyone actually up to no good
I never claimed they were motivated to actually stop these crimes.
If the real ultimate goal is to prevent the spreading of "state secrets" (i.e. journalists exposing government malfeasance), or reduce copyright infringement, or limiting the spread of "disinformation", or banning memes that insult public figures, then the government needn't worry about "hobbyist level homebrew retrocomputers". Most people will continue to use mainstream platforms, and most governments mostly care about controlling most people.
Besides, the next step will be to make ISPs deny service to any machine which doesn't have Secure Boot enabled, and which isn't running an "approved" OS, which checks every executable you run. Suddenly your general purpose computing device isn't very useful any more.
If the goal is to create an authoritarian dictatorship, then sure, controlling "most people" is usually enough because you can control the press by sending thugs to their offices.
But your "next step" is far beyond what even China does.
It would kill off any ability for software development. I'm all for being vigilant, but these scenarios are not realistic. As for a general purpose computing device being useful, as long as you can send or receive text or sound or images in any format that can be intercepted, you can tunnel arbitrary data. After all, we have a long history of using acoustic coupled modems. No, it's not practical for regular users, but if we get subjected to that kind of authoritarianism, it's worth doing for the sake of it.
> But your "next step" is far beyond what even China does.
And yet online services blocking access to non-SecureBoot devices is already the norm for industries ranging from online gaming[0] to fast food![1]
Add in the fact that Hollywood wants this (for DRM and blocking torrenting apps) and governments like Australia claiming their laws trump the laws of mathematics[2], and you can almost guarantee that this is going to become mandated as soon as enough Windows 10 users update to Windows 11.
> It would kill off any ability for software development.
Software development would have to be sponsored by approved companies, or at the very least you'd need to apply to the government for a "licence to code", with your ID number baked into every app you create. As an interim step, governments may allow devices to access a "legacy" portion of the internet which doesn't require SecureBoot to be enabled, but expect that portion to get smaller and smaller each year.
> as long as you can send or receive text or sound or images in any format that can be intercepted, you can tunnel arbitrary data.
But which app are you going to use to create those sound or image files? I suppose you could create your "illegal" files on an airgapped non-approved device, and transfer them via USB to the approved device, and people could do the reverse process when they receive them, but that's a cat-and-mouse game which 99% of people can't or won't play, and governments will win by mandating cryptographic watermarks in any files created.
> And yet online services blocking access to non-SecureBoot devices is already the norm for industries ranging from online gaming[0] to fast food![1]
Specific online services doing so is very different from a general ISP ban. A general ISP ban is impossible as long as you have an IO channel of any kind, including projection of text or playing sound. See the end of this comment. SecureBoot in itself also does not in any sense stop general purpose computing of unsigned code.
> Software development would have to be sponsored by approved companies, or at the very least you'd need to apply to the government for a "licence to code", with your ID number baked into every app you create.
... and you've just kneecapped your software industry in favour of companies outside of said authoritarian hellhole. Won't happen. The EU has a long history of crazy demand like this being proposed, and they end up dying or getting watered down to nothing because there's nowhere near sufficient support for going as far as you suggest.
> But which app are you going to use to create those sound or image files? I suppose you could create your "illegal" files on an airgapped non-approved device, and transfer them via USB to the approved device,
Missing the point. If you can play and record sound on an approved device, for example in a call, or transfer text, no matter how filtered, you can use that as a channel for an non-approved device. We used to use heavily filtered low-fidelity audio channels to transfer data, via acoustically coupled modems, after all. Any attempt to filter this just reduces to making it seem more plausibly like acceptable material, e.g. encoding it in speech for example. This is not even a hard problem, though data rates would be low. If a channel can transfer language, it can transfer data.
But we're talking a regime more oppressive than China for this to even be relevant. Even in China today, "normal" VPN tech is sufficient, though a hassle.
> SecureBoot in itself also does not in any sense stop general purpose computing of unsigned code.
It's true that SecureBoot isn't enough, but its current lack of ubiquity is the only thing holding back such a law. A government couldn't demand that a large proportion of voters throw away their PCs / phones, but requiring people to use an "approved" app store is as simple as writing a law and making a couple of calls to Microsoft, Apple, and Google. (See the end of this comment.) Just look at how quickly voters accepted having to carry around a Covid Pass app.
> and you've just kneecapped your software industry ... The EU has a long history of crazy demand like this
Indeed, and this is what people said about the GDPR, and it's what people said about Apple's on-device content scanning, and yet both of those got implemented (to some extent). The regulations I'm imagining are actually quite modest, and basically all software industry groups would support them. They just have to publish a public key on their website, perhaps in some .well-known location, and that would be enough to connect their submissions to app stores with their official company registration details.
Germany, for example, already requires that companies include Impressum information on their websites[0], and the EU is apparently trying to take this idea to its logical extreme with its controversial QWAC certificates[1]. In reality, it is businesses who decide what is reasonable or practical for a jurisdiction to mandate, and Apple is already making people pay an annual developer's tax to them to prove their identity, so no politician is going to say that an "online software development licence" is some sort of impossibility or gross infringement of people's freedoms. (Indeed, a law that makes things slightly more inconvenient for small developers/companies will only be more supported by the lobbyists of big companies, which is further grounds to suspect this will happen).
> If a channel can transfer language, it can transfer data.
You're right, it is possible to generate files that hide encrypted data within them, while also deniably hiding the fact that the encrypted data is there at all, and to do so in a way that is robust against the digital-analog-digital round trip (twice, since both the sender and receiver have to transfer the message between a locked-down and a jail-broken device). And of course the software to do this will have to be sent carefully from person to person, on USB sticks, since any computer that's allowed online will treat it as malware. And people will have to preserve old, unapproved devices to run this code on, which will become increasingly hard to find (with the sale, and then possession, of them being made illegal).
> But we're talking a regime more oppressive than China for this to even be relevant.
It's not more oppressive than China, at least not at the beginning. The first steps are already in place, and no one complained. If a jurisdiction can mandate multiple app stores, then it can mandate only "approved" app stores, and 50% of the population (the Apple fans) will cheer for such regulations, saying that side-loading is dangerous and only the most trusted gatekeepers should be allowed to decide what runs on people's devices.
If you're still not convinced, imagine that the law initially applies just to companies, and is pushed to prevent piracy and to protect cybersecurity of the economy. Would companies really reject such a rule (if it was phased in over a long enough timeframe that all their computers already supported SecureBoot by default)? Perhaps there would be an exemption for software companies to start with, if you think that's a sticking point. Also, imagine these laws being introduced in the aftermath of a cyberattack on energy infrastructure which causes massive prolonged blackouts. I'm not saying this would be a false flag... I'm just saying that one way or another, such a law will pass, even in a liberal democracy.
I never claimed they were motivated to actually stop these crimes.
If the real ultimate goal is to prevent the spreading of "state secrets" (i.e. journalists exposing government malfeasance), or reduce copyright infringement, or limiting the spread of "disinformation", or banning memes that insult public figures, then the government needn't worry about "hobbyist level homebrew retrocomputers". Most people will continue to use mainstream platforms, and most governments mostly care about controlling most people.
Besides, the next step will be to make ISPs deny service to any machine which doesn't have Secure Boot enabled, and which isn't running an "approved" OS, which checks every executable you run. Suddenly your general purpose computing device isn't very useful any more.