24 comments
@inference @safiuddinkhan @iska @dushman @cyberspook @m0xee
actually I believe OnePlus also allows custom signing keys (however not all models have an unlockable bootloader) @roboneko @safiuddinkhan @iska @dushman @cyberspook @m0xee They do, but their implementation is very bad. Their recovery has SELinux set to permissive, making it useless, and it also fails to wipe the memory on reboot. It also has no HSM unlike Pixels, so you're relying on weaker TEE.
@inference
The magic is, the phone is secure… until you root it. "Well, don't root!" Not an option. @safiuddinkhan @iska @dushman @m0xee @cyberspook @safiuddinkhan @iska @dushman @m0xee I'm focused on security, so of course I'm anti-rooting.
If you're not focused on security and want more freedom, sure, root it. @inference
That's the flaw of Android itself, making root so insecure. It's the design issue. One would think getting root is a core functonality of an OS. Not on Android. @safiuddinkhan @iska @dushman @m0xee @cyberspook @safiuddinkhan @iska @dushman @m0xee Linux hardening always includes restricting root access, regardless of Linux proper or Android.
root is, by design, the worst security flaw of Linux. @inference
Root is flawed if there's no proper permission control system in place like sudo or whatever. Nobody suggests this. @safiuddinkhan @iska @dushman @m0xee @cyberspook @safiuddinkhan @iska @dushman @m0xee Even sudo and doas are flawed.
I can give you a simple code block which can save your root password and feed it back: https://madaidans-insecurities.github.io/linux.html#root @cyberspook @dushman @iska @m0xee @safiuddinkhan root access via any means, on any Linux system, regardless of OS, is fatal. Game over. The end.
@inference @safiuddinkhan @cyberspook @m0xee @dushman Maybe. Why isn't the whole web using android servers, if it's so secure? @iska @safiuddinkhan @cyberspook @m0xee @dushman Because no Linux hardware other than Android is really using HSMs or TEEs with verified boot. The only company I know which does that is Google, using the Titan.
@inference @safiuddinkhan @cyberspook @m0xee @dushman Verified boot is not a requirement for android, and exists in standard PCs. @iska @safiuddinkhan @cyberspook @m0xee @dushman Verified boot does not exist in normal PCs. Verified boot is not the same as secure boot, it is an extra layer above which protects the OS integrity, not just checking the bootloader signature. You are very wrong.
@inference @safiuddinkhan @cyberspook @m0xee @dushman How would google's edition of GNU/Linux have verified boot but not normal? puri.sm is even more secure, even neutralizing IME. Here's one of their features. @iska @safiuddinkhan @cyberspook @m0xee @dushman
"Distributions like PureOS are not particularly secure. They are mostly a reskinned Debian and do not include substantial hardening." https://madaidans-insecurities.github.io/linux-phones.html @inference @safiuddinkhan @cyberspook @m0xee @dushman I'm talking about the hardware there. You can install a hardened OS on it, including ChromiumOS or Android-x86. @iska @safiuddinkhan @cyberspook @m0xee @dushman Chromium OS doesn't have verified boot, only Chrome OS does.
There is no system outside of ARM phones and tablets which take advantage of a HSM or TEE to allow storing OS signing keys (not the same as bootloader/kernel keys, which is secure boot). Computer Security is an unachievable goal, the most reasonable thing to do is not connect your computer to internet 24/7.
@colinsmatt11 @safiuddinkhan @inference @dushman @m0xee @cyberspook Besides you need hardware access or hard fuckups to compromise boot. Guix with LUKS and SELinux is 99.99% secure, with simplicity and freedom; and definitely better than proprietary jails. @inference @safiuddinkhan @cyberspook @iska @dushman You may be right, but this article is just bad. Hardening in the OS is not good enough so we can just install Android 🤷 |
@inference @safiuddinkhan @cyberspook @iska @dushman But Graphene only supports Google phones, does it not?
Trusting Google with hardware and not trusting with software is a little weird 🤷