The fact there are no technical reasons preventing things from being good is irrelevant: there are countless business and political reasons, and those are the ones that matter.
It doesn't matter that better technology could theoretically exist. It matters that remote attestation almost perfectly serves the interests of corporations and governments.
The better, more granular technology doesn't matter. The banks won't use them, they'll say it enables fraud and money laundering. WhatsApp won't use them, they'll say it enables spam and scams and abuse. Streaming apps won't use them, they'll say it enables copyright infringement. And so on, and so forth. The only technology they'll use is the one where they maintain control over the machine.
They will not tolerate the machine being yours. Because if you own the computer, you can make it spam people and copy movies if you want to. They gotta own the machines. If they can't, they'll take their balls and go home.
Are banks blocking desktop web browsers? You can access bank websites using a desktop web browser in the Debian Linux VM that is running in parallel to the Android VM. No app store, attestation or DRM needs to be involved.
Absolutely. My bank does not allow many operations via web browser anymore. It directs me to use the mobile apps. "Fraud prevention". All banks in my country are like that.
They only allow internet banking on a personal computer if you install their "security module". It's a kernel module that makes the computer incredibly slow. Once upon a time I tried to reverse engineer that thing to figure out why and I caught it intercepting every single network connection. That told me all I needed to know.
They want to own our computers. They think it's justified. As if "fraud" excuses everything. There is no limit they wouldn't cross. It's about control. They want to have all the control while we have zero.
In theory, pKVM could encapsulate a web browser with spyware kernel module into a dedicated VM that cannot see other traffic. The bank could "own" the banking client VM, while the device owner could run other VMs of their choice.
This merely isolates the problem. It still means we don't fully own our machines.
These virtual machines you speak of would be running on our machines but configured so that we actually have zero access to them. Do we really own the machines if we can't see the code they're running? If we can't view or edit the memory?
Those virtual machines are little foreign embassies on our machines that lets them claim sovereignty over our computing resources. It's our land but their territory and laws. Our computers, processors and memory but their code and data. They carve out little niches out of our own hardware that even we cannot access.
Stuff like this cannot happen without them usurping some amount of power from us. And they will probably usurp far more than they need to. Because they can.
It doesn't matter that better technology could theoretically exist. It matters that remote attestation almost perfectly serves the interests of corporations and governments.
The better, more granular technology doesn't matter. The banks won't use them, they'll say it enables fraud and money laundering. WhatsApp won't use them, they'll say it enables spam and scams and abuse. Streaming apps won't use them, they'll say it enables copyright infringement. And so on, and so forth. The only technology they'll use is the one where they maintain control over the machine.
They will not tolerate the machine being yours. Because if you own the computer, you can make it spam people and copy movies if you want to. They gotta own the machines. If they can't, they'll take their balls and go home.