Muromec 6 hours ago

This kind of thing is generally used to disallow downgrading the bootloader once there is a bug in the chain-of-trust handling of the bootloader. Otherwise, once broken is forever broken. It makes sense from the trusted computing perspective to have this. It's not even new; it was still there on P2K Motorolas 25 years ago.

You may not want trusted computing and root/jailbreak everything as a consumer, but building one is not inherently evil.
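Added example (not from the commenter or any vendor's boot ROM): a small C model of the eFuse-backed anti-rollback check described above, showing why a one-way fuse makes a downgrade to the buggy bootloader impossible once the fixed one has run. The fuse word layout, the `rollback_index` header field and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of a one-time-programmable eFuse word: bits can only be
 * burned from 0 to 1, never cleared. The minimum allowed image version is the
 * number of burned bits. Not taken from any real boot ROM. */
typedef struct { uint32_t bits; } efuse_t;

static unsigned fuse_min_version(const efuse_t *f) {
    unsigned n = 0;
    for (uint32_t b = f->bits; b; b >>= 1) n += b & 1u;
    return n;
}

/* Burning is OR-only, so a write can raise the floor but never lower it. */
static void fuse_raise_min_version(efuse_t *f, unsigned version) {
    if (version > 32) version = 32;
    f->bits |= (version == 32) ? 0xFFFFFFFFu : ((1u << version) - 1u);
}

typedef struct {
    unsigned rollback_index; /* version counter from the signed image header */
    bool signature_ok;       /* result of the signature check done earlier */
} boot_image_t;

/* The signature must be verified first; otherwise an unsigned image could
 * carry any rollback index it liked and bypass the floor. */
static bool anti_rollback_check(const boot_image_t *img, const efuse_t *f) {
    if (!img->signature_ok) return false;
    return img->rollback_index >= fuse_min_version(f);
}

/* On a successful boot the floor is raised to the running image's index, so
 * once the fixed image has run, the vulnerable one is refused from then on. */
static bool boot_and_commit(const boot_image_t *img, efuse_t *f) {
    if (!anti_rollback_check(img, f)) return false;
    fuse_raise_min_version(f, img->rollback_index);
    return true;
}

/* Scenario: ship v1, fix a chain-of-trust bug in v2, then try to go back. */
static bool downgrade_is_blocked(void) {
    efuse_t fuse = {0};
    boot_image_t v1 = {1, true}, v2 = {2, true}, forged = {2, false};
    if (!boot_and_commit(&v1, &fuse) || !boot_and_commit(&v2, &fuse)) return false;
    fuse_raise_min_version(&fuse, 1);           /* a lowering write is a no-op */
    return !anti_rollback_check(&v1, &fuse)     /* downgrade to v1 refused */
        && !anti_rollback_check(&forged, &fuse) /* bad signature refused */
        && fuse_min_version(&fuse) == 2;
}
```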

wolvoleo 5 hours ago | parent | next [-]

Trusted computing means trusted by the vendor and content providers, not trusted by the user. In that sense I consider it very evil.

charcircuit 4 hours ago | parent | next [-]

If the user doesn't trust an operating system, why would they use it? The operating system can steal sensitive information. Trusted computing is trusted by the user to the extent that they use the device. For example, if they don't trust it, they may avoid logging in to their bank on it.

mzajc 3 hours ago | parent | next [-]

> If the user doesn't trust an operating system, why would they use it.

Because in the case of smartphones, there is realistically no other option.

> For example if they don't trust it, they may avoid logging in to their bank on it.

Except when the bank trusts the system that I don't (smartphone with Google Services or equivalent Apple junk installed), and doesn't trust the system that I do (desktop computer or degoogled smartphone), which is a very common scenario.

LoganDark an hour ago | parent | prev | next [-]

To trust an Android device, I need to have ultimate authority over it. That means freedom to remove functionality I don't like and make changes apps don't like. Otherwise, there are parts of practically every Android that I don't approve of, like the carrier app installer, any tracking/telemetry, most preinstalled apps, etc.

I recently moved to Apple devices because they use trusted computing differently; namely, to protect against platform abuse, but mostly not to protect corporate interests. They also publish detailed first-party documentation on how their platforms work and how certain features are implemented.

Apple jailbreaking has historically also had a better UX than Android rooting, because Apple platforms are more trusted than Android platforms, meaning that DRM protection, banking apps and such will often still work with a jailbroken iOS device, unlike most rooted Android devices. With that said though, I don't particularly expect to ever have a jailbroken iOS device again, unfortunately.

Apple implements many more protections than Android at the OS level to prevent abuse of trusted computing by third-party apps, and give the user control. (Though some Androids like, say, GrapheneOS, implement lots that Apple does not.)

But of course all this only matters if you trust Apple. I trust them less than I did, but to me they are still the most trustworthy.

charcircuit 41 minutes ago | parent [-]

>to protect against platform abuse, but mostly not to protect corporate interests

What do you mean by this? On both Android and iOS app developers can have a backend that checks the status of app attestation.

bigyabai 2 hours ago | parent | prev [-]

Do you actually, bottom-of-your-heart believe that ordinary consumers think like this? They use TikTok and WhatsApp and Facebook and the Wal-Mart coupon app as a product of deep consideration on the web of trust they're building?

Users don't have a choice, and they don't care. BitLocker is cracked by the feds, iOS and Android devices can get unlocked or hacked with commercially-available grey-market exploits. Push Notifications are bugged, apparently. Your logic hinges on an idyllic philosophy that doesn't even exist in security focused communities.

charcircuit an hour ago | parent [-]

Yes, I do believe from the bottom of my heart the users trust the operating systems they use. Apple and Google have done a great job at security and privacy which is why it seems like users don't care. It's like complaining why you have a system administrator if the servers are never down. When things are run well the average person seems ignorant of the problems.

wolvoleo 28 minutes ago | parent | next [-]

Google certainly hasn't done a great job on privacy. Android devices leak so much information.

https://arstechnica.com/information-technology/2024/10/phone...

https://peabee.substack.com/p/everyone-knows-what-apps-you-u...

About Apple I just don't know enough because I haven't seriously used them for years.

charcircuit 22 minutes ago | parent [-]

Yet, in the big picture Google is doing a good enough job that those information leaks have not caused them harm. When you really zoom in you can find some issues, but the real world impact of them is not big enough to influence most consumers.

michaelmrose 8 minutes ago | parent | prev | next [-]

They used Windows XP when it was a security nightmare and many used it long after EOL. I just talked to someone who's had 4 bank cards compromised in as many months who is almost certainly doing something wrong.

charcircuit 4 minutes ago | parent [-]

I'm talking about people's feelings. People can feel like a Master Lock padlock is secure even if it may be trivial to get past.

bigyabai 37 minutes ago | parent | prev [-]

> which is why it seems like users don't care.

...and not because, in truth, they don't care?

How would we even know if people distrusted a company like Microsoft or Meta? Both companies are so deeply-entrenched that you can't avoid them no matter how you feel about their privacy stance. The same goes for Apple and Google, there is no "greener grass" alternative to protest the surveillance of Push Notifications or vulnerability to Pegasus malware.

charcircuit 31 minutes ago | parent [-]

They would stop using them, or reduce what kinds of things they do on them if they didn't trust them. No one is forcing you to document your life on these platforms.

UltraSane 36 minutes ago | parent | prev [-]

Pre-TC mobile/embedded security was catastrophic:

  Persistent bootkits trivial to install
  No verified boot chain
  Firmware implants survived OS reinstalls
  No hardware-backed key storage
  Encryption keys extractable via JTAG/flash dump
Modern Secure Boot + hardware-backed keystore + eFuse anti-rollback eliminated entire attack classes. The median user's security posture improved by orders of magnitude.

michaelmrose 3 minutes ago | parent [-]

Did this ever affect real users?

pdpi 5 hours ago | parent | prev | next [-]

A discussion you don't see nearly enough of is that there is a fundamental tradeoff with hardware security features — every feature that you can use to secure your device can also be used by an adversary to keep control once they compromise you.

digiown 3 hours ago | parent | next [-]

In this case, the "adversary" evaluates to the manufacturer, and "once they compromise you" evaluates to "already". This is the case with most smartphones and similar devices that treat the user as a guest, rather than the owner.

See also:

https://github.com/zenfyrdev/bootloader-unlock-wall-of-shame

izacus 5 hours ago | parent | prev | next [-]

Not only can, but inevitably is. Security folks - especially in mobile - are commonly useful idiots for introducing measures which are practically immediately coopted to take away users' ability to control their device and modify it to serve them better. Every single time.

We just had the Google side loading article here.

Muromec 5 hours ago | parent | prev [-]

Fair enough, but so does your front door. Either thing is not smart enough to judge the legitimacy of ownership transitions.

pdpi 5 hours ago | parent [-]

Yeah, not disagreeing with you. It's just that, every time we have this discussion, we see comments like GP's rebutted by comments like yours, and vice versa.

All I'm saying is that we have to acknowledge that both are true. And, if both are true, we need to have a serious conversation about who gets to choose the core used in our front door locks.

wasmainiac 5 hours ago | parent | prev | next [-]

I’d like to think I’m buying the device, not a seat to use the device, at least if I do not want to use their software.

Muromec 5 hours ago | parent [-]

You can't have that with phones. You are always at the mercy of the hardware supplier and their trusted boot chain that starts with the actual phone processor (the one running GSM stuff, not user interface stuff). That one is always locked down and decides whether to boot your fancy Android stuff.

The fact that it's locked down and remotely killable is a feature that people pay for and regulators enforce from their side too.

At the very best, the supplier plays nice and allows you to run your own applications, remove whatever crap they preinstalled and change the font face. If you are really lucky, you can choose to run a practically useless Linux distribution instead of a practically useful Linux distribution with their blessing. Blessing is a transient thing that can be revoked any time.

the8472 4 hours ago | parent | next [-]

Not true on the pinephone, the modem is a peripheral module, so the boot chain does not start with it.

userbinator an hour ago | parent [-]

Nor the Mediatek platforms as far as I know (very familiar with the MT65xx and MT67xx series; not sure about anything newer or older, except MT62xx which also boots --- from NOR flash --- the AP first.)

RobotToaster 4 hours ago | parent | prev | next [-]

> You can't have that with phones.

Why not?

Obviously we don't have that. But what stops an open firmware (or even open hardware) GSM modem being built?

fragmede 4 hours ago | parent [-]

There are some open firmware, or partially open firmware projects, but they're more proof-of-concepts and not popular/widely-used. The problem is the FCC or corresponding local organization requires cell phones get regulatory approval, and open firmware (where just anybody could just download the source and modify a couple of numbers to violate regulations) doesn't jive with that.

https://hackaday.com/2022/07/12/open-firmware-for-pinephone-...

direwolf20 3 hours ago | parent | prev | next [-]

The GSM processor is often a separate chip. You may have read an article about the super spooky NSA backdoor processor that really controls your phone, but it's just a GSM processor. Connecting via PCIe may allow it to compromise the application processor if compromised itself, but so can a Broadcom WiFi chip.

rvba 4 hours ago | parent | prev [-]

Of course you can have that.

The governments can ban this feature and ban companies from selling devices with that.

piskov 6 hours ago | parent | prev [-]

> It's not even new; it was still there on P2K Motorolas 25 years ago.

I’m sure CIA was not founded after covid :-)

obnauticus 6 hours ago | parent [-]

Uhh…Wut?