Today I helped a user compile the #signet client for an #ARM based version of #MacOS.

It required changing a couple library paths, and I've already upstreamed those changes to the latest copy of the repo.

This was something I've been wanting to test for a long time now, but I don't have the hardware and it's hard to get the time of someone who does. But we did it. Together.

Hardware secured encryption is #cipherpunk meets #cyberpunk ✊

signet - And physical access is within our threat model!

Contrast that to the way hardware security works when made by Intel, AMD or ARM:

https://infosec.exchange/@dangoodin/115459944536890363

Discussion

People really overestimate how strong the security of "secure enclaves" (Trusted Execution Environments, TEEs) is when it comes to physical access.

nostr:nevent1qqsvz7qcp6mq00ajrsf77kgzwvqjdarteze80879ymlfprv3tqq5xygpz4mhxue69uhkummnw3ezummcw3ezuer9wchsygyckg2msm4e7sydvmqrygkymt7tu4e3ue9azaxea04z4fdj3exf4upsgqqqqqqsha3yz3

Projects like nostr:nprofile1qqs09jtvjlmyrxjn37zv70a89csegcz7rpyqjmnw29cveedhv7vagqqpz4mhxue69uhk2er9dchxummnw3ezumrpdejqz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcpzpmhxue69uhkummnw3ezuamfdejs92xe5k bypass this by design. They go even further than Signet goes in that they don't persistently store any data at all.

Signet stores encrypted data, but not the keys to decrypt them. After all, if you could remember all your passwords and enter them in on each boot, then you don't need a password manager!

TEEs store the keys themselves (for checking signatures of secure boot, decrypting data on disk, etc.). There's some variation in how they're used by different projects, but this is generally true, and the lack of security is why QubesOS doesn't rely on secure boot for security.