@iska @safiuddinkhan @cyberspook @m0xee @dushman "Distributions...

@iska @safiuddinkhan @cyberspook @m0xee @dushman

"Distributions like PureOS are not particularly secure. They are mostly a reskinned Debian and do not include substantial hardening."

https://madaidans-insecurities.github.io/linux-phones.html

Like 16 Jul 2022 at 10:43 | Wall-to-wall | Open on plr.inferencium.net

6 comments

Iska :emacs_thinking: :guix: replied to inference

@inference @safiuddinkhan @cyberspook @m0xee @dushman

I'm talking about the hardware there. You can install a hardened OS on it, including ChromiumOS or Android-x86.

16 Jul 2022 at 10:45 | Open on mstdn.starnix.network

inference replied to Iska :emacs_thinking: :guix:

@iska @safiuddinkhan @cyberspook @m0xee @dushman Chromium OS doesn't have verified boot, only Chrome OS does.

There is no system outside of ARM phones and tablets which take advantage of a HSM or TEE to allow storing OS signing keys (not the same as bootloader/kernel keys, which is secure boot).

16 Jul 2022 at 10:47 | Open on plr.inferencium.net

Iska :emacs_thinking: :guix: replied to inference

@inference @safiuddinkhan @cyberspook @m0xee @dushman

You can boot chromeos there too, but it has at least one backdoor so you're not safe.
https://www.google.com/intl/en/chromebook/termsofservice.html
(section 4)

chromebooks are bad too.
https://www.theregister.com/2019/08/22/buying_a_chromebook_dont_forget_to_check_when_it_expires/

Would you trust your house to a thief?

I've already mentioned an article about verified boot on normal GNU/Linux.

@inference @safiuddinkhan @cyberspook @m0xee @dushman

You can boot chromeos there too, but it has at least one backdoor so you're not safe.
https://www.google.com/intl/en/chromebook/termsofservice.html
(section 4)

chromebooks are bad too.
https://www.theregister.com/2019/08/22/buying_a_chromebook_dont_forget_to_check_when_it_expires/

Expand text...

16 Jul 2022 at 10:55 | Open on mstdn.starnix.network

MattZ replied to Iska :emacs_thinking: :guix:

Computer Security is an unachievable goal, the most reasonable thing to do is not connect your computer to internet 24/7.

16 Jul 2022 at 10:59 | Open on gleasonator.com

Iska :emacs_thinking: :guix: replied to MattZ

@colinsmatt11 @safiuddinkhan @inference @dushman @m0xee @cyberspook

Besides you need hardware access or hard fuckups to compromise boot.

Guix with LUKS and SELinux is 99.99% secure, with simplicity and freedom; and definitely better than proprietary jails.

16 Jul 2022 at 11:07 | Open on mstdn.starnix.network

m0xEE replied to inference

@inference @safiuddinkhan @cyberspook @iska @dushman You may be right, but this article is just bad. Hardening in the OS is not good enough so we can just install Android 🤷
Hardware switches are not good enough because we can just use software airplane mode 🤦
Having modem on a separate board so that we can physically disconnect it is not good enough because we can just ask SoC to do it (and trust it) 🤯
It doesn't mean that Liberm5 is perfect, but these points are just awful!

16 Jul 2022 at 10:58 | Open on social.librem.one