Email or username:

Password:

Forgot your password?
Safi's posts Post Back to profile
Top-level
inference
8 comments
Iska :emacs_thinking:​ :guix: replied to inference

@inference @safiuddinkhan @cyberspook @m0xee @dushman

How would google's edition of GNU/Linux have verified boot but not normal?
elinux.org/images/f/f8/Verifie

puri.sm is even more secure, even neutralizing IME. Here's one of their features.
puri.sm/posts/new-pureboot-fea

16 Jul 2022 at 10:35 | Open on mstdn.starnix.network
inference replied to Iska :emacs_thinking:​ :guix:
@iska @safiuddinkhan @cyberspook @m0xee @dushman

"Distributions like PureOS are not particularly secure. They are mostly a reskinned Debian and do not include substantial hardening."

https://madaidans-insecurities.github.io/linux-phones.html
16 Jul 2022 at 10:43 | Open on plr.inferencium.net
Iska :emacs_thinking:​ :guix: replied to inference

@inference @safiuddinkhan @cyberspook @m0xee @dushman

I'm talking about the hardware there. You can install a hardened OS on it, including ChromiumOS or Android-x86.

16 Jul 2022 at 10:45 | Open on mstdn.starnix.network
inference replied to Iska :emacs_thinking:​ :guix:
@iska @safiuddinkhan @cyberspook @m0xee @dushman Chromium OS doesn't have verified boot, only Chrome OS does.

There is no system outside of ARM phones and tablets which take advantage of a HSM or TEE to allow storing OS signing keys (not the same as bootloader/kernel keys, which is secure boot).
16 Jul 2022 at 10:47 | Open on plr.inferencium.net
Iska :emacs_thinking:​ :guix: replied to inference

@inference @safiuddinkhan @cyberspook @m0xee @dushman

You can boot chromeos there too, but it has at least one backdoor so you're not safe.
google.com/intl/en/chromebook/
(section 4)

chromebooks are bad too.
theregister.com/2019/08/22/buy

Would you trust your house to a thief?

I've already mentioned an article about verified boot on normal GNU/Linux.

@inference @safiuddinkhan @cyberspook @m0xee @dushman

You can boot chromeos there too, but it has at least one backdoor so you're not safe.
google.com/intl/en/chromebook/
(section 4)

chromebooks are bad too.
theregister.com/2019/08/22/buy

16 Jul 2022 at 10:55 | Open on mstdn.starnix.network
MattZ replied to Iska :emacs_thinking:​ :guix:
Computer Security is an unachievable goal, the most reasonable thing to do is not connect your computer to internet 24/7.
16 Jul 2022 at 10:59 | Open on gleasonator.com
Iska :emacs_thinking:​ :guix: replied to MattZ

@colinsmatt11 @safiuddinkhan @inference @dushman @m0xee @cyberspook

Besides you need hardware access or hard fuckups to compromise boot.

Guix with LUKS and SELinux is 99.99% secure, with simplicity and freedom; and definitely better than proprietary jails.

16 Jul 2022 at 11:07 | Open on mstdn.starnix.network
m0xEE replied to inference

@inference @safiuddinkhan @cyberspook @iska @dushman You may be right, but this article is just bad. Hardening in the OS is not good enough so we can just install Android 🤷
Hardware switches are not good enough because we can just use software airplane mode 🤦
Having modem on a separate board so that we can physically disconnect it is not good enough because we can just ask SoC to do it (and trust it) 🤯
It doesn't mean that Liberm5 is perfect, but these points are just awful!

16 Jul 2022 at 10:58 | Open on social.librem.one
Go Up