zlacker

[parent] [thread] 9 comments
1. ranger+(OP)[view] [source] 2025-07-24 23:41:24
Maybe my tinfoil hat is on too tight, but I always thought it was interesting that Graphene OS places so much blind trust in a proprietary black box security chip from Google that they pinky-promised to open source but never did.
replies(6): >>sigmar+Y5 >>bjackm+I7 >>XMPPwo+b8 >>TheCra+89 >>transp+F9 >>JacobT+od
2. sigmar+Y5[view] [source] 2025-07-25 00:34:03
>>ranger+(OP)
Are you referring to the titan M2? why do you describe Graphene OS putting "so much blind trust in" it? I don't think they put much trust in it besides using it for storing keys and for their "Auditor" app
replies(1): >>TheCra+A8
3. bjackm+I7[view] [source] 2025-07-25 00:47:08
>>ranger+(OP)
If you think the org that produced the hardware might have backdoored it, architecting your software to avoid the TPM or whatever is dumb. Targeting Google HW at all is an unavoidable act of complete trust so you might as well use the HW properly.

Also, why would Google bother backdooring their special HW when 99.999% of its users are anyway gonna be running a totally Google-controlled proprietary SW stack?

replies(1): >>perchi+R8
4. XMPPwo+b8[view] [source] 2025-07-25 00:50:46
>>ranger+(OP)
How is it a black box? You can get the firmware trivially.
◧◩
5. TheCra+A8[view] [source] [discussion] 2025-07-25 00:54:33
>>sigmar+Y5
> I don't think they put much trust in it besides using it for storing keys

Ummm. Was this sarcasm that went over my head? Because if not, I have a hard time thinking of anything that requires as much trust as your private key storage.

◧◩
6. perchi+R8[view] [source] [discussion] 2025-07-25 00:56:32
>>bjackm+I7
> Targeting Google HW at all is an unavoidable act of complete trust

Doesn't the existence of FHE downgrade that to just "complete practical trust" at least? Not that I know of it being employed, but that it could be, and that it may be worth shouting out exactly cause of how niche and impractical it is.

replies(1): >>bjackm+Cz
7. TheCra+89[view] [source] 2025-07-25 01:00:16
>>ranger+(OP)
Because they are a software project. When you're only concerning yourself with software, you have to pick some hardware and move on.

Going down the rabbit hole of secure hardware leads you down a slippery slope of eventually needing to create your own chips. And that's basically impossible these days for anybody smaller than Google or Samsung. So you do some research, pick the best you can, and hope for the best.

Perfect is the enemy of good.

8. transp+F9[view] [source] 2025-07-25 01:03:28
>>ranger+(OP)
OpenTitan has open silicon (RISC-V) and is capable of open firmware (based on Rust TockOS) and is coming to 2025 Chromebooks, >>44416304 . Hopefully a derivative of OpenTitan will ship in future Pixel devices.

Google Pixel hardware provides nested virtualization, enabling a Debian Arm "Linux Terminal" in pKVM/AVF VM, with use of Debian package repos.

9. JacobT+od[view] [source] 2025-07-25 01:42:42
>>ranger+(OP)
You're worried about Google hardware but your requirement for a phone is that it must have Google Pay? Bizarre.
◧◩◪
10. bjackm+Cz[view] [source] [discussion] 2025-07-25 05:38:44
>>perchi+R8
We are talking about hardware here so ultimately you need to trust some manufacturer, software algorithms don't help.

With SEV-SNP and Intel TDX I think it's possible to build a hardware platform that doesn't require the user to trust the OEM although they still need to trust at least one large American tech company that controls the root of trust.

But I don't think this is ever gonna happen for consumer devices. AFAIK it's only sorta kinda happened for any real-world platforms at all (but maybe someone can correct me).

Ultimately if your threat model includes Google as a potential adversary, and you are not in control of nuclear weapons, you are gonna have to make some serious sacrifices to achieve security IMO. Smartphones are out. (Actually, I guess if you trust China you have a way forward).

[go to top]