You’re proposing essentially a new piece of silicon in a tamper-resistant package, one that is directly hardware-connected to a fuse that must be blown in order for the key to be accessed by hardware. That sounds absurdly expensive.
-
-
Replying to @matthew_d_green @JoeUchill
Except the hardware already has that: There is a bank of fuses for the random device key, which is protected even from the secure enclave (the enclave can use it, but can't see it).
1 reply 0 retweets 0 likes -
Replying to @ncweaver @JoeUchill
As far as I know, there is no bank of e-fuses that’s directly plumbed to the key in order to shut off access, nor is there any way to blow these fuses programmatically outside of the factory.
1 reply 0 retweets 1 like -
Replying to @matthew_d_green @JoeUchill
All it takes is one fuse: You have it control a couple of muxes: reveal escrow key, brick access to device key.
2 replies 0 retweets 0 likes -
And it is just fine to require the forensics read to open up the phone to provide additional aux power necessary to blow the fuse.
1 reply 0 retweets 0 likes -
Replying to @ncweaver @JoeUchill
Could you do this safely? Maybe, with many million dollars of new, bespoke hardware dev. Will companies do this safely? Of course not. They’ll do it in software. Particularly the inexpensive phones.
1 reply 0 retweets 1 like -
Replying to @matthew_d_green @JoeUchill
But the inexpensive phones are shit anyway
1 reply 0 retweets 0 likes -
Replying to @ncweaver @JoeUchill
To be clear, nobody is going to redesign their silicon *except* for many Apple. Even the high-end Google phones rely on much less sophisticated secure processors (TrustZone) that don’t have direct silicon controlling key access.
2 replies 1 retweet 4 likes -
(Except for maybe Apple.)
2 replies 0 retweets 2 likes -
So you end up with a system that is maybe hardware-secure on the most expensive phones in the world. And software (in TrustZone) secure on anything non-Apple, including expensive Android phones. And software on the app processor for anything that’s inexpensive.
3 replies 0 retweets 3 likes
And all made in China
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.