Hacker News new | past | comments | ask | show | jobs | submit login

A good secure boot implementation is nice, as long as you can add your own verification keys.



But that defeats the point of tamper-proof hardware: it should not be modifiable via software.

Unless you make adding your own keys a one-time event and then blow fuses, I’m not sure you can have a secure boot chain slung with control over the hardware keys.


It's about ownership. I want to own my phone. That means whatever I do with it is by definition not tampering.

The procedure should involve repeated ability to add and remove keys, but require direct physical access to the chip, perhaps by means of a separate device that's coded to only work with your phone, and that you would never carry together with your phone. Lacking that, I guess "one-time event and then blow fuses" is fine too, though end-users need to be warned up front they're doing something irreversible and must be absolutely sure to protect their key.


One time events is not an okay tradeoff: the ability to revoke the key is important too. Keys aren't meant to last forever.


Aren’t the trusted boot signing keys from MSFT burned in and therefore not revocable? Maybe they have multiple keys with some offline backup keys or something.


Actually the solution is to store the secure-boot key and the full-disk-encryption key in the same place, and design the hardware so that erasing the former also erases the latter. You don't need any one-time anything.


Or, if you need more flexibility, some kind of out-of bound mechanism that doesn't rely on the OS that is booting and you are trying to verify. This could be loaded via some kind of internal memory card or via an interface that requires access to the board. This opens you up to physical attacks but you get a bit of a middle ground between security and flexibility.


You buy a blank chip and burn in a key. That's a reasonable model, unlike asking the chip vendor to sign your key.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: