https://twitter.com/CopperheadOS/status/972536015436107777 … Forbidding people from making secure devices with an immutable hardware root of trust: freedom! Forbidding killing people with drones: slavery! Today's ethics lesson brought to you by the GPL3.
Re: hw root of trust, there are totally ways to do it that leave user freedom to change or replace sw, free of vendor lock-in.
-
-
To replace software, sure, but the firmware leading up to when the user configured key is read needs to be verified from a hardware root of trust. It's also inherently more secure to have an immutable key without relying on state. Can close most of the gap but never all of it.
-
We're quite aware since we only currently support phones using an owner-controller public key to verify the OS from the late stage firmware. If we made our own device we'd hard-wire the key instead of storing it in protected state. Even if the benefits are small they do exist.
-
Could sell devices where the users could blow the sec fuses to set up using their own key but that's setting up a recipe for disaster because it's too easy for people to turn it into a brick and blame the vendor.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.