Good point, will hold off on talking about pinning to in-order efficiency cores as a potential mitigation until there's a diverse set of approaches to exploiting the issues to test against the in-order execution cores. May or may not pan out as useful.https://twitter.com/d0k/status/949311943675924481 …
The price for devices with strong physical defenses actually makes them unsuitable for that purpose IMO - they're too expensive to throw away when potentially compromised.
-
-
Unfortunately, there are very few cheap devices with proper security updates and reasonable firmware security. Android One is almost providing what the Nexus line used to provide but it's just not quite there.
-
In theory, it's supposed to be a more diverse Nexus line with even cheaper options. In reality, they're not providing the same level of security / support and they're not making it as easy to make proper production builds by making available everything that they use for theirs.
-
For example, it SEEMS like the Android One kernels are in AOSP, but it's likely there are device-specific modifications and configuration and it's not clear where that would be along with factory images for the devices and whatever else is needed to do proper builds for them.
-
Not interested in hacking together support. It needs to be on par with their production releases, which is hard enough for Nexus / Pixel phones... Hoping that Android One is both going to expand and improve because there's little other hope for mobile security for the masses.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.