undefined | Better HN

0 pointstomcam2y ago0 comments

I have been nominated seven straight years for hacker news reader with the least knowledge of security, so I’m embarrassed to ask: what keys would one want to sign and why?

0 comments

4 comments · 2 top-level

highwaylights2y ago· 1 in thread

It’s not your keys, it’s the Operating System keys uploaded to your device.

Essentially the same way UEFI secure boot works in the PC world.

You’re telling the device hardware “it’s only ok to run software that’s been signed with the private key that matches this public key”, so that once you’ve done that, you can have confidence that the operating system hasn’t been modified in future by anyone other than the original vendor (as only they have the private key).

tomcamOP2y ago

That's a perfect explanation. Thank you.

kadoban2y ago· 1 in thread

The keys that verify that new boot software is allowed, the ones that verify it's coming from _you_ and not some other asshole trying to take over your phone after you rooted it.

tomcamOP2y ago

Ah, relief. Thank you.

j / k navigate · click thread line to collapse