GrapheneOS currently signs the zips used to perform the initial install with signify. These signatures are provided as a way to bootstrap trust via your existing OS. Beyond that, we don't use signify. Signatures for update packages, images (verified boot) and apps are built-in.
Signify is a great fit but it isn't very portable. It isn't included in macOS or Windows. OpenSSH has file signing and verification via `ssh-keygen -Y` and we're likely going to be using it to take advantage of OpenSSH being included in macOS, Windows and nearly everywhere else.
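The sign-and-verify round trip that `ssh-keygen -Y` provides, as an added example that is not part of the thread and not GrapheneOS's own procedure. The key, signer identity, namespace and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: sign a file with an SSH key, then verify it against an
# allowed_signers file. Every name below is a constructed placeholder.

# demo_verify MODE -> prints "good" or "bad"; MODE is "intact" or "tampered".
demo_verify() {
    mode=$1
    work=$(mktemp -d) || return 2
    id="releases@example.org"   # signer identity (placeholder)
    ns="file"                   # signature namespace; signer and verifier must agree

    # Publisher side: throwaway Ed25519 key, then a detached signature.
    ssh-keygen -q -t ed25519 -N "" -C "$id" -f "$work/key" || return 2
    printf 'constructed installer payload\n' > "$work/install.zip"
    ssh-keygen -Y sign -f "$work/key" -n "$ns" "$work/install.zip" \
        >/dev/null 2>&1 || return 2        # writes install.zip.sig

    # User side: the trust anchor is one line, "identity keytype base64key".
    # In practice it must come from a channel independent of the download.
    printf '%s %s\n' "$id" "$(cut -d' ' -f1,2 "$work/key.pub")" \
        > "$work/allowed_signers"

    # Simulate a corrupted or substituted download.
    if [ "$mode" = "tampered" ]; then
        printf 'x' >> "$work/install.zip"
    fi

    # The file being checked is read from stdin. Exit status 0 means the
    # signature is valid, from the named identity, in the named namespace.
    if ssh-keygen -Y verify -f "$work/allowed_signers" -I "$id" -n "$ns" \
        -s "$work/install.zip.sig" < "$work/install.zip" >/dev/null 2>&1
    then
        result=good
    else
        result=bad
    fi
    rm -rf "$work"
    echo "$result"
}

demo_verify intact
demo_verify tampered
```

Scripts should branch on the exit status of `ssh-keygen -Y verify` rather than parse its output, and pin both `-I` and `-n` so a signature made by another key or for another purpose is rejected.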
Replying to
Please read the thread at twitter.com/GrapheneOS/sta. You're suggesting we support hardware with drastically worse privacy and security. It's far from meeting our requirements. We'll never lower our standards like that. They have incompatible goals and explicitly sabotage security.
Quote Tweet
We're hopeful the recent attention will help us with finding hardware partners with aligned goals. It's a requirement for the devices to be at least as secure as a Pixel. That includes a modern mobile SoC and a comparable secure element to the Titan M implementing the same APIs.