by realusername 1122 days ago
They already have cryptographic authentication for parts, they know it's a genuine part from a donor board, they just purposely reject it.

> Are those exclusive options? I don't know. Which one I think is more important? I don't know.

First, they are indeed not exclusive options; locking parts when the phone is locked is a possible option.

And then we have to think about what's most common for most people: a dropped iPhone on the floor which needs a component change, or somebody swapping Touch ID while you are sleeping. I have my own idea on that.

1 comments

> They already have cryptographic authentication for parts

What if a genuine part is modified? I am not sure it is a solvable problem.

> First, they are indeed not exclusive options; locking parts when the phone is locked is a possible option.

If that is technically possible, I am all for it (but if I had to choose between no integrity protection and integrity protection that makes it harder to repair, I don't know what I would choose). However, if you are a phone, how would you distinguish between a legitimate repair and malicious swapping out of parts? Sounds like the incompleteness theorem would say you can't.

> What if a genuine part is modified? I am not sure it is a solvable problem.

Same problem as it is now, nothing changes.

> However, if you are a phone, how would you distinguish between a legitimate repair and malicious swapping out of parts? Sounds like the incompleteness theorem would say you can't.

If your threat model is malicious swapping of parts, an iPhone isn't for you anyway; you need a device more secure than that.

And I doubt that applies to more than a handful of individuals; even targeted attacks themselves usually don't go this far and prefer to just exfiltrate the data by software.

> Same problem as it is now, nothing changes.

Now the phone warns you about a replaced part. Even if it is a genuine one.

> If your threat model is malicious swapping of parts, an iPhone isn't for you anyway; you need a device more secure than that.

This is a threat model of many people in many countries today. Sorry for the stupid question, but is there a usable phone that is more secure, seriously?

> Now the phone warns you about a replaced part. Even if it is a genuine one.

Yes, and that's a broken behavior.

> This is a threat model of many people in many countries today. Sorry for the stupid question, but is there a usable phone that is more secure, seriously?

No, it's not a threat model of many people. I'm not even aware of such an attack existing publicly; please link relevant media articles of past attempts, including on Android. Targeted attacks go for the software because it's easier and doesn't leave a trace.

> Sorry for the stupid question, but is there a usable phone that is more secure, seriously?

Publicly you have GrapheneOS, privately you have security firms providing secure systems for high profiles which are targets.

> I'm not even aware of such an attack existing publicly; please link relevant media articles of past attempts, including on Android. Targeted attacks go for the software because it's easier and doesn't leave a trace.

Absence of evidence != evidence of absence. It is technically doable and not that difficult, given a minute or two in private with someone's phone.

> Publicly you have GrapheneOS, privately you have security firms providing secure systems for high profiles which are targets.

Does GrapheneOS protect from part replacement?

Also, I mean entire populations, such as prosecuted ethnic minorities or people with political views (cf. Uighurs or HK freedom supporters). They also need to live a normal life, by the way, where they can use the normal apps and not conspicuously juggle two phones all the time.