The Endless Conundrum of creating a secure PinePhone | Dalton Durst

Submitted by Style Pass, 2021-07-06 00:30:05

A few days ago, a friendly face joined the Pine64 Development chat room, where developers meet to talk about creating software for many of Pine64’s more complex consumer products (the PinePhone, PineTab, PineBook, and similar). They had a question that sparked days of debate and research:

The question seemed simple enough. Verified Boot, sometimes called (or trademarked as) Secure Boot, verifies that the owner of a system approved a piece of software to run, or boot, on that system. This is usually achieved by checking a set of digital signatures shipped with the software, signatures that are, with today's techniques, practically unforgeable. The theory goes that only the device owner, holding the private signing key, could have produced that signature, and the device owner would not have produced it without approving of the system running the signed software.
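To make the mechanism concrete, here is an added example (not code from the original post, nor from Pine64 or any PinePhone bootloader) of a two-stage chain of trust in Go: a root public key standing in for the one a boot ROM would hold, a bootloader image signed with the owner's root key that carries the public key for the next stage, and a kernel signed with that next key. The stage names, payloads and the attacker's key are constructed for the example, and demoKey derives keys deterministically from labels so the output is reproducible; real signing keys are generated with crypto/rand and the private half stays with the owner. The three negative cases show what the signature check has to catch: a tampered payload, a chain signed by someone other than the owner, and a genuine stage whose embedded next-stage key was swapped.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Image is one boot stage: payload, the key the *next* stage must be signed with (nil if last), and its own signature.
type Image struct {
	Name      string
	Payload   []byte
	NextKey   ed25519.PublicKey
	Signature []byte // Ed25519 signature over digest(Payload, NextKey)
}

// digest binds payload and next-stage key together, so a genuine payload cannot carry a swapped key.
func digest(payload []byte, nextKey ed25519.PublicKey) []byte {
	h := sha256.New()
	h.Write(payload)
	h.Write(nextKey)
	return h.Sum(nil)
}

// sign is what the owner's build step does for each stage.
func sign(priv ed25519.PrivateKey, name string, payload []byte, next ed25519.PublicKey) Image {
	return Image{name, payload, next, ed25519.Sign(priv, digest(payload, next))}
}

// VerifyChain mimics a boot ROM and each verified stage in turn: an image is
// checked only against the key vouched for by what was already verified, starting
// from the immutable root key. Returns the index of the first failing stage, or -1.
func VerifyChain(rootKey ed25519.PublicKey, chain []Image) (int, error) {
	key := rootKey
	for i, img := range chain {
		if len(key) != ed25519.PublicKeySize {
			return i, fmt.Errorf("stage %d (%s): no key to verify against", i, img.Name)
		}
		if !ed25519.Verify(key, digest(img.Payload, img.NextKey), img.Signature) {
			return i, fmt.Errorf("stage %d (%s): signature check failed", i, img.Name)
		}
		key = img.NextKey // trust flows forward only through a verified stage
	}
	return -1, nil
}

// demoKey derives a key from a label so the example is reproducible. Real signing
// keys come from crypto/rand, and the private half never leaves the owner.
func demoKey(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte("demo-seed:" + label))
	return ed25519.NewKeyFromSeed(seed[:])
}
func pubOf(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// The owner's root key (what a boot ROM holds), the bootloader's key, and the attacker's (all constructed).
var rootKey, bootloaderKey, attackerKey = demoKey("owner-root"), demoKey("bootloader"), demoKey("attacker")
func RootPub() ed25519.PublicKey { return pubOf(rootKey) }

// GoodChain is the owner-approved bootloader and the kernel it vouches for.
func GoodChain() []Image {
	return []Image{
		sign(rootKey, "bootloader", []byte("constructed bootloader payload"), pubOf(bootloaderKey)),
		sign(bootloaderKey, "kernel", []byte("constructed kernel payload"), nil),
	}
}

// TamperedKernel flips one byte of the genuine kernel; stage 1 must be rejected.
func TamperedKernel() []Image {
	chain := GoodChain()
	chain[1].Payload[0] ^= 0x01
	return chain
}

// AttackerChain has both stages signed by the attacker; stage 0 fails because the ROM root key is not theirs.
func AttackerChain() []Image {
	return []Image{
		sign(attackerKey, "bootloader", []byte("constructed malicious bootloader"), pubOf(attackerKey)),
		sign(attackerKey, "kernel", []byte("constructed malicious kernel"), nil),
	}
}

// SwappedNextKey keeps the genuine, signed bootloader payload but swaps its embedded
// next-stage key for the attacker's; stage 0 must still fail, since the signature covers that key.
func SwappedNextKey() []Image {
	chain := GoodChain()
	chain[0].NextKey = pubOf(attackerKey)
	chain[1] = sign(attackerKey, "kernel", []byte("constructed malicious kernel"), nil)
	return chain
}

func main() {
	for name, chain := range map[string][]Image{"good chain": GoodChain(), "tampered kernel": TamperedKernel(),
		"attacker-signed chain": AttackerChain(), "swapped next-stage key": SwappedNextKey()} {
		i, err := VerifyChain(RootPub(), chain)
		fmt.Printf("%-24s first failing stage=%d err=%v\n", name, i, err)
	}
}
```

The point to notice is that the only thing the device trusts unconditionally is the root public key, and that each stage's signature has to cover the next-stage key as well as the payload; without that binding the SwappedNextKey case would pass and an attacker could hand the rest of the boot to code they signed themselves.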

The implications of such a system are massive: if I know that the software running on my device was approved by me, I can be reasonably sure that I haven't accidentally installed malware on it that can hide from me. By extension, I can be reasonably sure that no one else has installed persistent malware on my device without my noticing. They might have tried to do so (for example) over the internet, through a Bluetooth vulnerability, or even by physically taking my phone for a short time. But I can be fairly confident that, every time I boot my phone, the software is in an approved state up to the point where my verification ends; anything loaded after that point is outside the guarantee.
