Hacker News new | ask | show | jobs
by conradev 266 days ago
and I imagine that the initramfs is not encrypted and trivially modifiable?

Apple is able to achieve this securely because their devices are not fully encrypted. They can authenticate/sign the unencrypted system partition.
1 comments
klooney 266 days ago
https://mastodon.social/@pid_eins/113404099228886304

You auth the initrd too

link
conradev 266 days ago
This is super cool, thanks for the link! I’m glad they were able to leverage the TPM
link