Email or username:

Password:

Forgot your password?
Safi's posts Post Back to profile
Top-level
Iska :emacs_thinking:​ :guix:

@inference @safiuddinkhan @cyberspook @m0xee @dushman

Maybe. Why isn't the whole web using android servers, if it's so secure?

16 Jul 2022 at 9:35 | Wall-to-wall | Open on mstdn.starnix.network
12 comments
inference replied to Iska :emacs_thinking:​ :guix:
@iska @safiuddinkhan @cyberspook @m0xee @dushman Because no Linux hardware other than Android is really using HSMs or TEEs with verified boot. The only company I know which does that is Google, using the Titan.
16 Jul 2022 at 9:36 | Open on plr.inferencium.net
Iska :emacs_thinking:​ :guix: replied to inference

@inference @safiuddinkhan @cyberspook @m0xee @dushman

Verified boot is not a requirement for android, and exists in standard PCs.

16 Jul 2022 at 9:39 | Open on mstdn.starnix.network
inference replied to Iska :emacs_thinking:​ :guix:
@iska @safiuddinkhan @cyberspook @m0xee @dushman Verified boot does not exist in normal PCs. Verified boot is not the same as secure boot, it is an extra layer above which protects the OS integrity, not just checking the bootloader signature. You are very wrong.
16 Jul 2022 at 10:15 | Open on plr.inferencium.net
inference replied to inference
Iska :emacs_thinking:​ :guix: replied to inference

@inference @safiuddinkhan @cyberspook @m0xee @dushman

How would google's edition of GNU/Linux have verified boot but not normal?
elinux.org/images/f/f8/Verifie

puri.sm is even more secure, even neutralizing IME. Here's one of their features.
puri.sm/posts/new-pureboot-fea

16 Jul 2022 at 10:35 | Open on mstdn.starnix.network
inference replied to Iska :emacs_thinking:​ :guix:
@iska @safiuddinkhan @cyberspook @m0xee @dushman

"Distributions like PureOS are not particularly secure. They are mostly a reskinned Debian and do not include substantial hardening."

https://madaidans-insecurities.github.io/linux-phones.html
16 Jul 2022 at 10:43 | Open on plr.inferencium.net
Iska :emacs_thinking:​ :guix: replied to inference

@inference @safiuddinkhan @cyberspook @m0xee @dushman

I'm talking about the hardware there. You can install a hardened OS on it, including ChromiumOS or Android-x86.

16 Jul 2022 at 10:45 | Open on mstdn.starnix.network
inference replied to Iska :emacs_thinking:​ :guix:
@iska @safiuddinkhan @cyberspook @m0xee @dushman Chromium OS doesn't have verified boot, only Chrome OS does.

There is no system outside of ARM phones and tablets which take advantage of a HSM or TEE to allow storing OS signing keys (not the same as bootloader/kernel keys, which is secure boot).
16 Jul 2022 at 10:47 | Open on plr.inferencium.net
Iska :emacs_thinking:​ :guix: replied to inference

@inference @safiuddinkhan @cyberspook @m0xee @dushman

You can boot chromeos there too, but it has at least one backdoor so you're not safe.
google.com/intl/en/chromebook/
(section 4)

chromebooks are bad too.
theregister.com/2019/08/22/buy

Would you trust your house to a thief?

I've already mentioned an article about verified boot on normal GNU/Linux.

@inference @safiuddinkhan @cyberspook @m0xee @dushman

You can boot chromeos there too, but it has at least one backdoor so you're not safe.
google.com/intl/en/chromebook/
(section 4)

chromebooks are bad too.
theregister.com/2019/08/22/buy

16 Jul 2022 at 10:55 | Open on mstdn.starnix.network
MattZ replied to Iska :emacs_thinking:​ :guix:
Computer Security is an unachievable goal, the most reasonable thing to do is not connect your computer to internet 24/7.
16 Jul 2022 at 10:59 | Open on gleasonator.com
Iska :emacs_thinking:​ :guix: replied to MattZ

@colinsmatt11 @safiuddinkhan @inference @dushman @m0xee @cyberspook

Besides you need hardware access or hard fuckups to compromise boot.

Guix with LUKS and SELinux is 99.99% secure, with simplicity and freedom; and definitely better than proprietary jails.

16 Jul 2022 at 11:07 | Open on mstdn.starnix.network
m0xEE replied to inference

@inference @safiuddinkhan @cyberspook @iska @dushman You may be right, but this article is just bad. Hardening in the OS is not good enough so we can just install Android 🤷
Hardware switches are not good enough because we can just use software airplane mode 🤦
Having modem on a separate board so that we can physically disconnect it is not good enough because we can just ask SoC to do it (and trust it) 🤯
It doesn't mean that Liberm5 is perfect, but these points are just awful!

16 Jul 2022 at 10:58 | Open on social.librem.one
Go Up