UBSan support in Qualcomm's EDK2-based UEFI bootloader:
source.codeaurora.org/quic/la/abl/ti
SafeStack:
source.codeaurora.org/quic/la/abl/ti
Amusing how the response to a stack overflow detected by SSP on the unsafe stack is to loop forever... but I guess a watchdog triggers a reboot.
Information passed to the hardware-backed keystore, which is part of what Auditor uses via attestation:
source.codeaurora.org/quic/la/abl/ti
Verified boot state display, including the fingerprint:
source.codeaurora.org/quic/la/abl/ti
It sure would be nice to have a first party GrapheneOS device...
Simply having the resources to produce a device based on the reference platform with minor tweaks would be great. This code would all be in scope for hardening, and the project would control the boot chain, TEE, SE, etc. GrapheneOS keys would be flashed to the fuses for the fw.
