Seems like Android 9.0 will have some kind of standard QR support but that might simply be as part of Play Services like so many other useful libraries are now, which is no use to us...
The OS we eventually end up with should be something like Qubes with UI tailored for mobile, and largely-virtualized Android just as a guest.
-
-
Yeah, that's what we want in the long-term, but we'll still need to do substantial hardening for the Linux kernel, Android and the app layer since the security of the guests / apps matters too.
-
It'd be really neat to have something like Microsoft's Linux and cancelled Android app layer on top of a nice microkernel. Could run multiple instances of it, avoiding needing the whole Linux kernel running in each VM.
-
That's something vaguely like what I'll be doing once somebody wants to fund it..
-
Really want generic mobile hardware with standard security features (verified boot, hardware key derivation and delays) that doesn't cost $649+ like Pixels. It really feels like we have to raise a huge amount of money and make it ourselves.
-
Should be able to buy hardware that doesn't have security fuses flashed with keys for early firmware, etc. It's so weird that the barrier to entry is 5-10 million USD to just get generic hardware with verified boot, etc. and full control over the TEE and boot chain.
-
Don't really understand why a couple hundred device vendors get control over all of that and yet it's not possible to buy off the shelf hardware where you can flash your own keys to the fuses and then make your own TZ apps, etc. Other than dev boards at least.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.