undefined | Better HN

0 pointslxgr3y ago0 comments

Yes, it could absolutely do that.

The only way around that would be for Trezor to ship their devices with some sort of attestation function (e.g. a private signing key to which they publish the public key, or sign it via a PKI and include a certificate) and validating that, not just the statement "I promise to be running the authentic firmware", a hash over the firmware, a complete firmware dump or anything else not involving a challenge-response or uncloneable function of some sort.

0 comments

ReactiveJelly3y ago

Similar problem to Trusted Platform Module / Secure Boot, right?

In that case the golden keys can leak, but it's better than nothing.

throwaway2903y ago

leaked key seems worse in that people will think they have this security measure working for them while they don't. Without this measure there is no illusion at least

j / k navigate · click thread line to collapse

0 comments

ReactiveJelly3y ago

Similar problem to Trusted Platform Module / Secure Boot, right?

In that case the golden keys can leak, but it's better than nothing.

throwaway2903y ago

leaked key seems worse in that people will think they have this security measure working for them while they don't. Without this measure there is no illusion at least

j / k navigate · click thread line to collapse