Idea: secure boot signing system that lives on your phone. Bootloader updates trigger a Bluetooth communication that requires affirmative consent on your phone and then signs the bootloader with a key that never leaves your phone.
Replying to @mjg59
How is this better than signature verification with distro keys + rollback protection? If you're compiling the bootloader on your machine, you're inherently trusting the machine anyway. If not, whoever built it can sign for you.
2 replies 0 retweets 1 like -
The only point where the user could give meaningful input would be when changing distros or changing bootloaders, right? Or are you talking about bootloader configuration files that are user-editable, like kernel commandline flags?
1 reply 0 retweets 0 likes -
Replying to @tehjh
Bootloader updates - consent here is largely "Is this a request that you expected to occur right now"
1 reply 0 retweets 0 likes -
Replying to @mjg59
Wouldn't I always expect that to occur every time I run a system update?
1 reply 0 retweets 1 like -
Replying to @mjg59
seems like the Security Key model of "tap button on login, confirming that you want the machine to log in to *something* (without communicating what that thing is)", except instead of doing it whenever you log in, you do it whenever the machine tells you to
1 reply 0 retweets 1 like -
Replying to @tehjh
If a request is being triggered then either: 1) I'm getting a legitimate update 2) My distro's entire infrastructure has been comprehensively owned 3) My machine is already compromised
1 reply 0 retweets 0 likes -
Replying to @mjg59
I don't get your point. In all three cases, the user will think "ah, I'm getting a legitimate system update" and press yes. What hurdle does requiring user consent on a separate device create to an attacker?
2 replies 0 retweets 1 like
case 1, the system is currently installing updates. case 2, the system is currently installing updates (from a malicious source). case 3, the attacker either waits until the system is installing updates or pretends that the system is installing updates.