Sony started publishing official AOSP build support but even they haven't made verified boot available to others. https://twitter.com/CopperheadOS/status/876177221563686913
-
It can give users an easy way to confirm that they are running an install of CopperheadOS that hasn't been tampered with by an attacker.
-
Remote can mean another device used to scan a QR code or a service that the user can run on their own server if they don't want to use ours.
-
The verified boot process is supposed to show our key fingerprint but it's impractical to manually verify and the size has been too small.
-
If they used alphanumeric characters for the fingerprint instead of hex it could be denser but still a lot to manually verify each boot.
-
There are mitigations to prevent changing the key without unlocking the bootloader but this can provide a much needed layer of defence.
-
Google's key attestation setup provides a form of authentication for first usage to secure the pairing operating with basic authentication.
-
It'd be nice if we had a process for users to check for tampering or hardware swap when they receive their CopperheadOS device from us, etc.
-
There's all sorts of tampering that can be done that wouldn't be detected, like adding the touchscreen equivalent of a keylogger.