Not everyone using an aftermarket OS wants to roll back the security model and disable security features. Proper verified boot is a small part of what we expect potential hardware partners to implement. It's not proper verified boot if firmware bypasses aren't fixed like this.
Conversation
You're welcome to use something other than GrapheneOS if you don't want the standard security model and hardware-based security features intact. Rollback protection is a basic security feature and has already been used for years, just not for the early SoC boot chain in practice.
2
And ultimately, that's why I don't use GrapheneOS.
But it could be a great OS if it didn't insist on denying owners control of their devices, so it's a shame.
It's looking like this case wasn't even a security fix, just DRM.
1
Verified boot is an important security feature primarily used to make privileged persistence much more difficult for an attacker. If they can simply write out a vulnerable SoC boot chain, it doesn't work. It's secondarily used for anti-tampering and the same thing applies to it.
2
Yes, but my security model (for my phone) assumes I always have physical custody of my phone, so verified boot is worthless to me.
I understand and agree it is important to others.
I'm not suggesting taking any of that away from them.
2
1
The primary threat model for verified boot is defending against a remote attacker trying to persist on the device, not physical security. Anti-tampering is a secondary and less important threat model for verified boot. Chromebooks don't really bother even trying to do that part.
3
1
If the owner could re-flash the entire device, it wouldn't be possible for a remote attacker to persist in the first place...?
1
You flash device by interacting with firmware on the device and there are a whole bunch of components which have firmware: SoC firmware including firmware for GPU, media encode/decode, image processing, crypto engine, TEE and much more, touchscreen, battery, USB controller, etc.
2
I guess we're now entering the realm of "what if", but it would be nice to have a ROM that can be used to clean flash it.
(And open source firmware for everything)
1
Open source firmware for everything implies making a new SoC based on open RISC-V core designs and creating a GPU and all the other components like the memory controller, USB controller, battery, touchscreen, TEE, secure element, etc. as part of that too.
My desktop workstation has entirely open source firmware (POWER9), so that's basically been done before.
1
2
Talos II has mostly open source firmware but the SoC itself isn't actually open yet and there are still proprietary components. OpenPOWER is open but those POWER9 CPUs are not actually OpenPOWER with open core designs, they just supposedly will be in the future at some point.
2
Show replies
Open source firmware doesn't imply not having verified boot and rollback protection.
Trusty OS and OpenTitan are open source so there's a starting point for making TEE and secure element with the same base that current and future Pixels will be using for the foreseeable future.
1
Verified boot is okay, so long as the owner makes the decisions and controls the chain of trust.
Rollback protection, however, is pretty incompatible with open source. There is no "backward" when an attacker can just add the exploit "feature" to a new version.
1
Show replies