Idea: secure boot signing system that lives on your phone. Bootloader updates trigger a Bluetooth communication that requires affirmative consent on your phone and then signs the bootloader with a key that never leaves your phone.
The only point where the user could give meaningful input would be when changing distros or changing bootloaders, right? Or are you talking about bootloader configuration files that are user-editable, like kernel commandline flags?
Bootloader updates - consent here is largely "Is this a request that you expected to occur right now?"
-
Compromising my distro's signing system isn't enough to compromise me - you need to compromise the build and integration systems as well, and it's tough to do that in any kind of targeted manner
But then you wouldn't want the phone to show a consent dialog, you'd want it to run a reproducible build and create a signature if the build output matches what the distro created, right?