The real answer to your question is that the vast majority of people don’t have the time, inclination or skills to manage it themselves.
The techy answer is that unless you are writing or reviewing every line of the firmware/OS yourself, and also securing them with certificates you’ve self signed with hardware/software that you’ve already reviewed or written yourself, you’re still trusting something to a third party.
Also your statement here is pretty backwards to me:
This is sold as security, but security means nothing if only one party controls the locks.
You may not trust Apple or whomever, but a lock with only one key holder is definitely more secure than a lock with many. Maybe just the wrong metaphor?
Ultimately, I think the real point is that Apple is a commercial entity driven by a profit motive, so will act in its own interest to that end. It never stated that iPhone was a device where you could roll your own secure boot or change firmware or whatever - it sold a mass market product to mass market consumers who largely don’t care about any of this stuff. In this regard at least, Apple’s secure boot is more secure than nothing.
I do, however, agree that you can’t necessarily trust this particular gatekeeper, so buyer beware.
The real answer to your question is that the vast majority of people don’t have the time, inclination or skills to manage it themselves.
The techy answer is that unless you are writing or reviewing every line of the firmware/OS yourself, and also securing them with certificates you’ve self signed with hardware/software that you’ve already reviewed or written yourself, you’re still trusting something to a third party.
Also your statement here is pretty backwards to me:
You may not trust Apple or whomever, but a lock with only one key holder is definitely more secure than a lock with many. Maybe just the wrong metaphor?
Ultimately, I think the real point is that Apple is a commercial entity driven by a profit motive, so will act in its own interest to that end. It never stated that iPhone was a device where you could roll your own secure boot or change firmware or whatever - it sold a mass market product to mass market consumers who largely don’t care about any of this stuff. In this regard at least, Apple’s secure boot is more secure than nothing.
I do, however, agree that you can’t necessarily trust this particular gatekeeper, so buyer beware.