|
|
|
|
|
|
by pas
3780 days ago
|
|
|
Chrome OS was already doing chain of trust booting when it was first announced/revealed/open-sourced, but with maybe a hardware switch to enable flashing other loaders. (Since then that has been probably removed.) There are Android full disk encryption schemes, and of course phones with signed bootloaders. https://nerdland.net/unstumping-the-internet/pattern-unlock-... http://www.extremetech.com/mobile/216560-android-6-0-marshma... What Apple did that was so valuable is providing a very clear, almost abstract implementation, from scratch, hitting every point along the way (randomized device private keys, read and execute only Secure Enclave, signed loaders, proper AES(-XTS?) full disk encryption, probably also requiring strong a password too, full lock after ~48 hours - sure, it'd be good if this could be customized to something lower). |
|
|