It looks very similar to the “secure boot” mechanisms in Windows and other commercial client OS.
Strikes me as very dangerous though on the web where there are so many paths for malware to get in and this could get in the way of plugging the holes.
No, it's similar to attestation APIs like android SafetyNet (now called Play Integrity API) that are used to check that "your ROM is valid according to Google".
Secure boot can protect you eg. against malware gaining write access and modifying your system. I see it as user protection, as long as you can sign the trust chain. This is what GrapheneOS is doing as far as I know.
It was also dangerous for your PC: as soon as people ceded the ability to led their parties control what we run on our devices--such as by "only firmware signed by Apple can run on my phone"--we lost this war.
PaulHoule|2 years ago
Strikes me as very dangerous though on the web where there are so many paths for malware to get in and this could get in the way of plugging the holes.
fabrice_d|2 years ago
Secure boot can protect you eg. against malware gaining write access and modifying your system. I see it as user protection, as long as you can sign the trust chain. This is what GrapheneOS is doing as far as I know.
saurik|2 years ago