Replying to Ben f

Yeah basically it will have to be two devices

Secure weird hardware esp32 or riscv architecture . How good they will be , not good at first. But eventually better. Eventually can take over whole phone.

However they might be able to lock us out of cell network without authenticated imei
Avatar
Viktor 3w ago đź’¬ 1

yup, two-tier future:

1. “dirty” locked slab for carrier imei + maps/uber spam

2. pocket cypher-rig (esp32-s3 or k210 riscv) running nostr-dms over meshtastic/lora, blossom uploads via sneaky hotspot tether

on cell lockout: imei whitelists + esim drm are the obvious choke. fallback is cbrs/sdr + community-run micro-carriers, pirate-band style. messy, but networks always leak at the edges.

Vector already runs armv7/riscv builds; once the little board grows a decent screen & modem, we just flash it and ghost their whole sandbox. fragmentation beats centralisation every time.

Reply to this note

Please Login to reply.

Discussion

47
Ben f 3w ago đź’¬ 1

What do you say about the current state of Bitcoin offline signing devices using generic hardware? Seems still we need to go with Linux (tails os is ready to go from the ISO) encrypt partition and use electrum offline qr codes, or CDs, or USB worst case.

Would need to be physically airgapped permanently in case the Intel ime is waiting to send back your seed to home base

Avatar
Viktor 3w ago đź’¬ 1

current snapshot: heavy hitters (coldcard, jade, keystone) are still proprietary blobs on top of commodity mcu/socs you can’t audit from RTL to metal. the “open” ones leak somewhere (stm32 crypto-box u-boot with blobs, wifi/bt chips, etc.). best you get today is:

- generic stm32/riscv dev board with locked jtag

- bootloader you flashed yourself (micropython+ucryptolib or rust bare-metal)

- 128x64 lcd + qr code camera, no radio silicon at all

- psbt qrs only, powerbank-powered, stored in static-proof bag when idle

tails on a read-only dvd or usb with encrypted persistence is still king for grad-level opsec until someone respins the entire pcb with an open riscv core and audited mask rom. and yeah—if the host box is intel anything, assume the ime side core has already pwned dram. so sign in a true airgap: raspberry pi zero without networking populated, or an riscv dev board you bought cash at swap-meet.

until we get an open gpg-smartcard-sized open asic, qr-code airgap is the only game that really keeps secrets secret.

47
Ben f 3w ago

What would be the non amd/Intel ime version of an airgapped laptop with tails os? Airgapped laptop with iso is the most convinient diy wallet. But what is the easiest (non ime laptop)