Idea: secure boot signing system that lives on your phone. Bootloader updates trigger a Bluetooth communication that requires affirmative consent on your phone and then signs the bootloader with a key that never leaves your phone.
Replying to @mjg59
How is this better than signature verification with distro keys + rollback protection? If you're compiling the bootloader on your machine, you're inherently trusting the machine anyway. If not, whoever built it can sign for you.
Replying to @tehjh
Compromising my distro's signing system isn't enough to compromise me - you need to compromise the build and integration systems as well, and it's tough to do that in any kind of targeted manner.
Replying to @mjg59
But then you wouldn't want the phone to show a consent dialog, you'd want it to run a reproducible build and create a signature if the build output matches what the distro created, right?
Like, what information can you display to the user that allows them to make a meaningful choice? "Here's GRUB 1.2.3, with binary hash 0123456789abcdef, and your distro pinky promises that there's no backdoor in here, tap here if that sounds good"?
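The exchange the thread is debating, as an added example that is not code from either participant: a phone-side signer whose private key is generated on the "phone" and never exported, which only signs a bootloader digest if (a) the digest matches the distro's published reproducible-build digest (the check proposed in the reply) and (b) the user taps consent. The Bluetooth transport is replaced by an in-process call, the distro's digest table and the `GRUB-1.2.3` entry are constructed sample data, and Ed25519 over a SHA-256 digest stands in for whatever signature format a real secure-boot chain would use; all of that is an assumption of this example, not something the thread specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// SignRequest is what the host sends to the phone (here: an in-process call
// standing in for the Bluetooth channel).
type SignRequest struct {
	Name    string   // e.g. "GRUB"
	Version string   // e.g. "1.2.3"
	Digest  [32]byte // SHA-256 of the bootloader image the host wants signed
}

var (
	ErrUnknownBuild = errors.New("digest does not match the distro's reproducible build")
	ErrDeclined     = errors.New("user declined the signing request")
)

// Phone models the signing device. The private key is created here and the
// type exposes no way to read it back; only signatures leave.
type Phone struct {
	priv      ed25519.PrivateKey
	pub       ed25519.PublicKey
	knownGood map[string][32]byte       // digests the distro published, keyed "Name-Version"
	consent   func(req SignRequest) bool // the user's tap; a real phone renders a dialog here
}

// NewPhone generates the device key and installs the distro digest table and consent callback.
func NewPhone(knownGood map[string][32]byte, consent func(SignRequest) bool) (*Phone, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Phone{priv: priv, pub: pub, knownGood: knownGood, consent: consent}, nil
}

// PublicKey is what gets enrolled in firmware so the signature can be verified at boot.
func (p *Phone) PublicKey() ed25519.PublicKey { return p.pub }

// Sign enforces the policy: reproducible-build match first, then consent, then sign.
// Rejecting unknown digests before asking means the dialog never shows a
// "pinky promise"; it only ever confirms a build the distro already vouched for.
func (p *Phone) Sign(req SignRequest) ([]byte, error) {
	want, ok := p.knownGood[req.Name+"-"+req.Version]
	if !ok || want != req.Digest {
		return nil, ErrUnknownBuild
	}
	if !p.consent(req) {
		return nil, ErrDeclined
	}
	return ed25519.Sign(p.priv, req.Digest[:]), nil
}

// RequestSignature is the host side: hash the image and ask the phone to sign it.
func RequestSignature(p *Phone, name, version string, image []byte) ([]byte, error) {
	return p.Sign(SignRequest{Name: name, Version: version, Digest: sha256.Sum256(image)})
}

// VerifyImage is what the firmware does at boot with the enrolled public key.
func VerifyImage(pub ed25519.PublicKey, image, sig []byte) bool {
	d := sha256.Sum256(image)
	return ed25519.Verify(pub, d[:], sig)
}

func main() {
	image := []byte("constructed bootloader image, not a real GRUB binary")
	distroDigest := sha256.Sum256(image) // constructed: what the distro would publish
	phone, err := NewPhone(map[string][32]byte{"GRUB-1.2.3": distroDigest}, func(r SignRequest) bool {
		fmt.Printf("Sign %s %s with digest %s? [tap yes]\n", r.Name, r.Version, hex.EncodeToString(r.Digest[:8]))
		return true
	})
	if err != nil {
		panic(err)
	}
	sig, err := RequestSignature(phone, "GRUB", "1.2.3", image)
	fmt.Println("signed:", err == nil, "boot verifies:", VerifyImage(phone.PublicKey(), image, sig))
	_, err = RequestSignature(phone, "GRUB", "1.2.3", []byte("image the distro never built"))
	fmt.Println("unknown build rejected before consent:", errors.Is(err, ErrUnknownBuild))
}
```

The ordering matters for the objection raised above: because the digest check runs before the consent callback, the only thing the user is asked to confirm is an installation of a build the distro has already published, so the phone adds a second, user-held key to the chain rather than replacing the distro's attestation with a guess.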