undefined | Better HN

0 pointsmvip2y ago0 comments

Agree on the adoption of open standards. That’s a step in the right direction. But even with secure boot on the pi, it’s still missing a TPM for other cryptographic operations. We use a lot of Zero Trust stuff on x86 and you can’t do that on the Pi.

The Pi is fine for videos/images (less proper storage), but chokes on a lot of modern web assets.

0 comments

3 comments · 1 top-level

dividuum2y ago· 2 in thread

True, but now I’m curious what kind of cryptographic operation you’re doing that would need to be protected from local root. Because that should be the only case a TPM is helpful (compared to the Pi secure boot option) and in that case the device is compromised anyway and can show anything on the screen and have all local processes taken over.

Agreed on the web stuff. But I’d say the web sucks, not the Pi. :-)

mvipOP2y ago

We consider anything that you can extract from the drive by removing it security theater. Root or not doesn’t matter.

You’re right that physical access is game over for content in general. This is more about extracting sensitive data (like credentials/tokens to 3rd party sites).

All backend communication is done using mTLS, where the private key never leaves the TPM (on x86).

Moreover, we’re encrypting all sensitive data we send to the device using the corresponding public key. Thus even if you rip the drive out of the device, you won’t have much luck.

dividuum2y ago

Sounds reasonable, but the secure boot mechanism of the Pi not only allows verifying the boot chain but also enables you to implement disk encryption with keys stored in the the hardware itself that you can then only access from the running OS. Stealing the Pi or just taking out the SD card will not allow access to the non-OS parts. I'm not sure if the secure boot stuff of the Pi has ever been thoroughly verified or exposed to serious attacks, but in theory that's all possible.

j / k navigate · click thread line to collapse