Search Mailing List Archives
[liberationtech] Unique Opportunity: Input to CEOs of Smartphone Manufacturers
blibbet at gmail.com
Thu Jul 11 16:11:04 PDT 2013
> (1) A unique key built into each device, which can't be read directly
> by software, but which can be used to derive other keys (e.g. for disk
> encryption) at a limited rate, slowing down brute-force attacks
> against such keys.
> (2) An effaceable area of flash storage where the operating system can
> store encryption keys for the entire disk and/or individual files,
> making it possible to securely delete the corresponding data without
> having to smash the device into tiny little pieces.
> (3) A pony.
Presuming the smartphone is ARM-based, and presuming if (1) is applied,
it'll probably have ARM TrustZone installed, then:
(4) Install a modern firmware on your smartphone, with useful security
(4a) Linux-based Coreboot. or
Use UEFI's SecureBoot feature, to enhance your Linux/Android/B2G/etc OS,
something none of your competitors are doing, except MS/Win8. To do so,
you need TPM on x86 or TrustZone on ARM, and you need to get your OS
vendor to sign the firmware, and not let MS Win8 hardware logo
requirements confuse you.
Beyond the default TianoCore source, leverage Linaro's ARM-centric fork
of TianoCore, and Intel's MinnowBoard's UEFI which targets Linux
(Angstrom/Yocto), but neither of these Linux-centric UEFI targets
support the SecureBoot feature.
Extend the current UEFI SecureBoot feature, which only targets 1 OS, to
one that lets you securely boot more-than-1 OS, for systems that want to
securely multiboot a handful of OSes (not necessarily installed, but
later, if your device is open, your user may opt to install another
distro; your job is to gather certs of the major ones, so they can
securely boot the main distros.)
(5) Learn from FairPhone's model. Compete with them, by making something
More information about the liberationtech