Idea: secure boot signing system that lives on your phone. Bootloader updates trigger a Bluetooth communication that requires affirmative consent on your phone and then signs the bootloader with a key that never leaves your phone.
-
In the cases of (2) and (3) I'm already screwed, so it's basically irrelevant. But I'm now protected against someone only having compromised my distribution's signing infrastructure.
-
Are you talking about an attacker who has the distro's signing key and control over an update server / MITM on the connection to the update server? If so, won't that play out just like case 2? User tries to install updates, sees (evil) bootloader update, installs it?
-
case 1, the system is currently installing updates. case 2, the system is currently installing updates (from a malicious source). case 3, the attacker either waits until the system is installing updates or pretends that the system is installing updates.