• uis@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    4 months ago

    If the hardware signatures don’t match

    Compromised hardware will say it is same hardware

    If the TPM/Secure Enclave is replaced/removed/modified, it will not boot without giving a warning.

    Compromised hardware controls execution of software. Warning is done in software. Conpromised hardware won’t let it happen.

      • uis@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        Compromised hardware can’t create new signatures, but it doesn’t matter because it controls execution of software and can skip any checks.

        • 9tr6gyp3@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          If the hardware is tampered, it will not pass the attestation test, which is an online component. It will fail immediately and you will be alerted. Thats the part of verified boot that makes this so much harder for adversaries. They would have to compromise both systems. The attestation system is going to be heavily guarded.

          • uis@lemm.ee
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            4 months ago

            which is an online component.

            So, storing on Signal’s server key to decrypt keys. Welcome back to apple-isms and online-only.

            It will fail immediately and you will be alerted.

            Provided you have some other non-compromised way of communications.

            • 9tr6gyp3@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              4 months ago

              Yes, verified boot will have out-of-bands alerts for you by design. Without the online component, you will risk not being able to detect tampering.