
Securing the Boot Process - mkesper
https://queue.acm.org/detail.cfm?id=3382016
======
bo1024
I've always been pretty skeptical of secure boot and trusted hardware modules
since it seems to generally mean "trusted by the manufacturer, not the user".
The model feels like the manufacturer owns and controls the device, and the
user is just barely trusted enough to press the boot key.

Because of this I appreciated that the article stressed the importance of
open-source firmware and called out companies like Intel for user-hostile
approaches.

~~~
userbinator
It's been like that since the beginning of "Trusted Computing" --- it was
originally for DRM. Only within the last decade(!) has it been advocated
strongly as a security feature, and my belief is that the companies (and the
government) have realised that security paranoia is a powerful tool of
control. Unfortunately most people won't question anything if it's "for
security".

I don't think open-source is really all that important, and the article is
being very misleading in that respect; in fact, if we don't have the keys, all
that being open-source does is to allow us to easily see how they're
oppressing us. (Of course, there's also the Ken Thompson Hack --- inspecting
the binary is the _real_ way to determine if there's anything unusual.)

This is a related article which everyone interested in this topic should read:
[https://www.gnu.org/philosophy/right-to-read.en.html](https://www.gnu.org/philosophy/right-to-read.en.html)

~~~
coretx
I long back to the days when we said security is compromised when an adversary
had physical access and that zero point many zeros 1 dollar jumper physically
setting things to read only works just fine. Today I primarily don't trust my
systems because of the manufacturers seeing me -the owner- as the #1 security
risk and favoring corporate interest over client interest.

------
transpute
Reproducible builds of open firmware, BMC and boot components can enable
owner-managed keys for verification of platform and application integrity,
rooted in (increasingly open) hardware. Recent conference talks on
hardware-assisted security and open firmware:

OSFC 2019: [https://osfc.io/archive](https://osfc.io/archive)

PSEC 2019:
[https://platformsecuritysummit.com/2019/videos](https://platformsecuritysummit.com/2019/videos)

FOSDEM 2020:
[https://fosdem.org/2020/schedule/track/open_source_firmware_...](https://fosdem.org/2020/schedule/track/open_source_firmware_bmc_and_bootloader/)

------
sneak
TFA:

> _Most people remember when the FBI wanted a backdoor into iPhones and Tim
> Cook refused._

Fewer people remember when the CCP wanted a backdoor into iCloud and Apple
said yes, for fear of losing its largest growth market. Presently, all iCloud
users in China are hosted by a Chinese company, in China, to which the CCP by
law has full access.

There is also a claim that Apple cancelled a plan to e2e encrypt iCloud phone
backups, which would mean that Apple/FBI could no longer decrypt your phone’s
backup. All iPhones logged in to iCloud are backing up to iCloud by default
with encryption that Apple/FBI can read. The claim is that the FBI
specifically requested that they _not_ further secure this, which would
prevent their current methods of easily accessing these backups.

Note that your backups generally contain your complete iMessage and SMS
history, including all attached images and videos.

There’s little practical point in denying a backdoor into a seized phone if
Apple/FBI already have a copy of everything on it that they can decrypt and
read because your backups are encrypted to _Apple_, not you.

(They do this because many, many people lose their device, and have forgotten
their Apple ID password which then needs to be reset. The naïve solution to
this is to simply encrypt the backups to an Apple key, which is always
decryptable by Apple as required for restore after resetting your password via
alternate ID verification. Unfortunately it puts every single user of iCloud
backup at risk of bulk surveillance.)

The whole thing is rather performative, like they are showing off for the
market. Indeed, people well respected (such as the author of TFA) are
repeating this meme without any of the associated caveats.

_Make sure you tell your family and friends to disable iCloud and more
specifically, iCloud device backups if they value their privacy._

~~~
lorenzhs
This is an article about securing the boot process on various platforms.
Whatever your thoughts on Apple's cloud security practices (I'm not a fan
either), it gets tedious to have this brought up _every time_ an article is in
any way related to Apple and security. Boot security matters, regardless of
whether your cloud backups are end-to-end encrypted or not. I find calling it
"rather performative" disingenuous.

~~~
sneak
Yes, my comment is orthogonal to the topic of the article. I’m just so
incredibly tired of seeing people trot out this commonplace and false Tim Cook
vs the FBI narrative entirely uncritically, which is precisely what TFA does.

