Idea: secure boot signing system that lives on your phone. Bootloader updates trigger a Bluetooth communication that requires affirmative consent on your phone and then signs the bootloader with a key that never leaves your phone.
Are you talking about an attacker who has the distro's signing key and control over an update server / MITM on the connection to the update server? If so, won't that play out just like case 2? User tries to install updates, sees (evil) bootloader update, installs it?
No, someone who has the ability to generate a correctly signed malicious binary but not the ability to push that to all users
So how would that attacker get that signed binary on the machine of any user? You need code exec as root on the machine, network MITM, or physical access, right? Which of these are you trying to defend against?