[kwlug-disc] February topic needed, redux
Doug Moen
doug at moens.org
Tue Jan 19 23:25:10 EST 2021
I'm quite interested in Graphene. It appears to be the most secure and private free-software mobile operating system.
Note, Graphene hasn't been ported to PinePhone, nor is it clear to me if the PinePhone hardware supports Graphene's stringent security requirements. The thing is, PinePhone is marketed as a secure phone, so there's an opportunity to contrast the different approaches to security. Pinephone has hardware kill switches for radios. The threat model that justifies these kill switches is: you don't trust the software (which might be a generic Linux distro) to do a proper job of mobile security? I'm not convinced that this kind of thinking is the basis for a secure phone. The software needs to be trustworthy; it needs to be designed from the ground up for the specific needs of mobile security.
Graphene has a different set of requirements for hardware based security, and only a minority of phones meet these standards:
> Standard hardware-based security features like the hardware-backed keystores, verified boot, attestation and various hardware-based exploit mitigations need to be available. Devices also need to have decent integration of IOMMUs for isolating components such as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image processor, etc., because if the hardware / firmware support is missing or broken, there's not much that the OS can do to provide an alternative.
- Doug
On Tue, Jan 19, 2021, at 10:32 PM, Scott Frederick wrote:
> Related to the open source phone topic would be a
> presentation/discussion on the GrapheneOS, an open source alternative to
> android. I would be interested in that.
>
> -Scott
>
> On 2021-01-19 11:45 a.m., Paul Nijjar via kwlug-disc wrote:
> > It looks like we may have a PinePhone presentation in Feb.
> >
> > - Paul
> >
> > On Tue, Jan 19, 2021 at 10:59:29AM -0500, Paul Nijjar via kwlug-disc wrote:
> >> One of our presenters for February just had a conflict and cancelled.
> >> You know what question is coming next: can anybody pitch in with a
> >> topic?
> >>
> >> Have people been following this PinePC thing? I had not heard of it
> >> before. If we have a few people who follow it (or other open hardware
> >> stuff) then we could maybe do a discussion about it as opposed to a
> >> presentation.
> >>
> >> - Paul
> >> --
> >> Events: https://feeds.off-topic.kwlug.org
> >> Blog: http://pnijjar.freeshell.org
> >>
> >> _______________________________________________
> >> kwlug-disc mailing list
> >> kwlug-disc at kwlug.org
> >> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
More information about the kwlug-disc
mailing list