https://forum.xda-developers.com/apps/magisk/beta-magisk-v13-0-0980cb6-t3618589/post72666791#post72666791 … "Since Magisk is running as root but the SafetyNet checks are not" say hello to TrustZone-based remote attestation.
What if you want to virtualize the whole environment (defeat the DRM)? Do you need one compromised physical device per VM?
-
-
Boot chain and TrustZone are signed and at a higher privilege level than the OS. They have access to private keys not accessible to the OS.
-
So the future is having SafetyNet depend on those higher privilege systems signing a verified boot result + nonce from SafetyNet service.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.