pas a day ago
> You can have sandboxing and system integrity while still giving the user overrides.

How? What kind of overrides? You mean that SafetyNet could still report attestations? I have no idea how it works, but doesn't it require a chain of trust, starting from a known boot image, then every process that can write to arbitrary memory needs to be a known image? (And even that might not be enough if there are ways to dynamically exploit them.)
wolvoleo a day ago
No, you can just make a system secure without requiring attestation and stuff like that. I don't believe in remote attestation anyway. It didn't even say the service is secure. It just proves it's as released by Google. But security doesn't have to rely on a big brother checking things for you. You can have security without it.
Zak a day ago
You can have integrity checks that allow the user to choose which signing keys to trust. Some PCs with Secure Boot and some phones, such as Pixel devices, support this. GrapheneOS uses it. In those systems, it won't boot without a good signature, so the user is protected against attacks that break the user's chosen chain of trust. Remote attestation of consumer devices, e.g. SafetyNet, is evil.
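To make the distinction in the last comment concrete, here is an added example (not code from the thread, GrapheneOS, AVB or any real bootloader) that models a verified-boot check with owner-enrolled signing keys: the bootloader keeps a local trust store (the OEM key plus whatever the owner enrolls), refuses to boot any image not signed by an enrolled key, and never talks to a remote party. The key names, image payloads and the `TrustStore`/`VerifyBoot` API are all assumptions made for the illustration; Ed25519 stands in for whatever signature scheme a real device uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// TrustStore models the bootloader's set of accepted signing keys (assumed
// structure, not any real firmware's). The OEM key ships pre-enrolled; the
// owner may enroll their own, the way a custom AVB key on a Pixel or a Secure
// Boot db entry on a PC works. Keys are indexed by SHA-256 of the raw key bytes.
type TrustStore struct {
	keys map[string]ed25519.PublicKey
}

func NewTrustStore() *TrustStore {
	return &TrustStore{keys: map[string]ed25519.PublicKey{}}
}

// Fingerprint identifies a public key the way a bootloader would display it.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Enroll is the owner-controlled override: a local, physical-presence decision
// that no remote service has to approve.
func (ts *TrustStore) Enroll(pub ed25519.PublicKey) {
	ts.keys[Fingerprint(pub)] = pub
}

// BootImage is a signed payload plus the fingerprint of the claimed signer.
type BootImage struct {
	Payload   []byte
	SignerFP  string
	Signature []byte
}

// SignImage is what the OS builder (OEM or owner) does at release time.
func SignImage(priv ed25519.PrivateKey, payload []byte) BootImage {
	pub := priv.Public().(ed25519.PublicKey)
	return BootImage{Payload: payload, SignerFP: Fingerprint(pub), Signature: ed25519.Sign(priv, payload)}
}

// VerifyBoot is the bootloader's check: boot only images signed by an enrolled
// key. The whole chain of trust is evaluated locally, so the owner's chosen
// keys are protected against unsigned or tampered images without any
// attestation server being involved.
func VerifyBoot(ts *TrustStore, img BootImage) (bool, string) {
	pub, ok := ts.keys[img.SignerFP]
	if !ok {
		return false, "signer not enrolled"
	}
	if !ed25519.Verify(pub, img.Payload, img.Signature) {
		return false, "bad signature (image tampered or signer mismatch)"
	}
	return true, "ok"
}

// ScenarioResult records which of the constructed images the bootloader accepts.
type ScenarioResult struct {
	OEMImageBoots, UserImageBoots, RogueImageBoots, TamperedImageBoots bool
}

// RunScenario builds the keys and images (all constructed for this example)
// and runs each image through VerifyBoot.
func RunScenario() (ScenarioResult, error) {
	oemPub, oemPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return ScenarioResult{}, err
	}
	userPub, userPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return ScenarioResult{}, err
	}
	_, roguePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return ScenarioResult{}, err
	}

	ts := NewTrustStore()
	ts.Enroll(oemPub)  // shipped by the vendor
	ts.Enroll(userPub) // enrolled by the owner, e.g. when installing a custom OS

	oemImg := SignImage(oemPriv, []byte("constructed: stock boot image v1"))
	userImg := SignImage(userPriv, []byte("constructed: owner-built boot image"))

	// Attacker image: signed with an unenrolled key but claiming the OEM fingerprint,
	// so the lookup succeeds and the signature check has to do the rejecting.
	rogueImg := SignImage(roguePriv, []byte("constructed: malicious boot image"))
	rogueImg.SignerFP = Fingerprint(oemPub)

	// Tampered copy of the owner's image: one flipped payload byte.
	tampered := userImg
	tampered.Payload = append([]byte(nil), userImg.Payload...)
	tampered.Payload[0] ^= 0xff

	var r ScenarioResult
	r.OEMImageBoots, _ = VerifyBoot(ts, oemImg)
	r.UserImageBoots, _ = VerifyBoot(ts, userImg)
	r.RogueImageBoots, _ = VerifyBoot(ts, rogueImg)
	r.TamperedImageBoots, _ = VerifyBoot(ts, tampered)
	return r, nil
}

func main() {
	r, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Nothing in `VerifyBoot` depends on who the signer is beyond "is this key in the owner's trust store", which is the point of the comment: the device still refuses to boot anything that breaks the chosen chain of trust, but what that chain is rooted in is the owner's decision rather than a vendor's remote policy.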