undefined | Better HN

0 pointsdcow3y ago0 comments

1. I don't think "formally verified" means what you want it to here. You mean there a hardware checks signature chain from boot to kernel, secure boot. Apple's software has too many security vulnerability to be considered "formally verified".

2. Android does support device attestation and secure boot. I 100% would love to see our future SMS replacement require frequent signatures from device attestation hardware (why not every message) and require E2EE messages.

0 comments

2 comments · 1 top-level

hedora3y ago· 1 in thread

It is a fork of this:

https://people.cs.ksu.edu/~danielwang/BAS/klein-2014-microke...

This is not the kernel that runs on the host CPU. It is the one that handles keys in the security coprocessor. I don’t know of many hacks of that, in practice. There was one where you could guess the pin, and use a timing attack to power down the chip before it persisted the “bad guess” count, which let people brute force pins (with special hardware).

It’s worth noting that the kernel Apple ships is a fork of L4; no idea if they’ve introduced bugs since the paper was written.

dcowOP3y ago

Didn't realize you were talking about secure enclave.

j / k navigate · click thread line to collapse