zlacker

[parent] [thread] 6 comments
1. PaulHo+(OP)[view] [source] 2023-07-21 18:23:13
It looks very similar to the “secure boot” mechanisms in Windows and other commercial client OS.

Strikes me as very dangerous though on the web where there are so many paths for malware to get in and this could get in the way of plugging the holes.

replies(2): >>saurik+96 >>fabric+87
2. saurik+96[view] [source] 2023-07-21 18:50:01
>>PaulHo+(OP)
It was also dangerous for your PC: as soon as people ceded the ability to led their parties control what we run on our devices--such as by "only firmware signed by Apple can run on my phone"--we lost this war.
replies(1): >>cesarb+6d
3. fabric+87[view] [source] 2023-07-21 18:54:22
>>PaulHo+(OP)
No, it's similar to attestation APIs like android SafetyNet (now called Play Integrity API) that are used to check that "your ROM is valid according to Google".

Secure boot can protect you eg. against malware gaining write access and modifying your system. I see it as user protection, as long as you can sign the trust chain. This is what GrapheneOS is doing as far as I know.

replies(1): >>wzdd+Fo
◧◩
4. cesarb+6d[view] [source] [discussion] 2023-07-21 19:22:04
>>saurik+96
> It was also dangerous for your PC: as soon as people ceded the ability to led their parties control what we run on our devices--such as by "only firmware signed by Apple can run on my phone"--we lost this war.

If that's how "we lost this war", then it was lost before it even started. Even before Apple released their phones, it was already the case that phone firmware came only from the phone manufacturer. That is: phones come from a different lineage than PCs, and were never as open as general purpose computers ended up being.

replies(1): >>saurik+0H
◧◩
5. wzdd+Fo[view] [source] [discussion] 2023-07-21 20:11:51
>>fabric+87
A trust chain beginning at the bootloader is what will ultimately enable this API, though, because that's what SafetyNet/Play Integrity API relies on. If you don't have a locked bootloader, or you're not running stock Android, you won't pass SafetyNet/Play Integrity (at least the higher tiers of it).

To take your GrapheneOS example, apps wishing to support it must add GrapheneOS keys: https://grapheneos.org/articles/attestation-compatibility-gu...

If this proposal goes ahead, it's unlikely that you'll be able to convince site owners and/or ad networks to add the keys of your open source OS.

replies(1): >>fabric+wY
◧◩◪
6. saurik+0H[view] [source] [discussion] 2023-07-21 21:35:27
>>cesarb+6d
I mean, those were by and large fixed function devices and while phone calls are certainly a form of communication they aren't really networked devices. And... while it was technically possible to update the software on them, most people never did.

There were only a scant handful of years where there even existed phones where this could matter... but now this same mentality is being applied to every new category of device--all of which acting as general computing devices--based on these precedents.

◧◩◪
7. fabric+wY[view] [source] [discussion] 2023-07-21 23:10:16
>>wzdd+Fo
I don't disagree with you, but let's not throw away secure boot because Google found a way to ruin it!
[go to top]