I have an idea for nostr:nprofile1qqs09jtvjlmyrxjn37zv70a89csegcz7rpyqjmnw29cveedhv7vagqqprpmhxue69uhkummnw3ezuendwsh8w6t69e3xj7302gfp7r. There's a concern that the seed signer doesn't verify its own firmware. Which, as I understand it, is because the human writes the SD card each time.

Other wallets verify their firmware with a signature. But that's not entirely the truth, because the bootrom of the microcontroller typically inherently trusts the user bootloader in flash. So what verifies that on boot? Nothing. It's assumed secure because it's hard to access in flash (which is not true; see the recent book Microcontroller Exploits by Travis Goodspeed).

So here's the idea: boot from a CDROM. It's how we used to do it. The image doesn't change. It might need a modification to uboot and the kernel to allow the cdrom file system, but it should be possible.

It also supports the seed signer's goal of obfuscation. It will appear like the user is just into CDs.


Discussion

This makes me think of some of the microSD cards with write-once functionality.

But b/c you potentially must verify that the cdrom is the cdrom you think it is (or that the microSD is the microSD you think it is) by inspecting the data it holds, you haven't really solved the issue?

If the problem is, is the thing I downloaded the thing I'm going to boot and the issue is you don't trust the thing you downloaded the software on, then the only way to solve is to use a separate device.

Like on a different laptop read the sd card and verify it.

But this is kinda moot anyway. Just download the image onto a reasonable machine. I.e. boot tails, download seedsigner, verify on tails, and then flash.

I would say a CD is cooler than a microsd. Nobody shows off their microsd collection.

I might be a little skeptical of how the write once is done in the firmware of microsd controller, but ultimately yes, they are equivalent.