[dijit]

thats effectively the same thing.

The whole point of the majority of PKI (including secureboot) is that some third party agrees that the signature is valid; without that even though its “technically signed” it may as well not be.

[c0l0]

I disagree. If LineageOS builds were actually unsigned, I would have no way of verifying that release N was signed by the same private-key-bearing entity that signed release N-1, which I happen to have installed. It could be construed as the effective difference between a Trust On First Use (TOFU) vs. a Certificate Authority (CA) style ecosystem. I hope you can agree that TOFU is worth MUCH more than having no assurance about (continued) authorship at all.

[dijit]

Yes, I understand the value of signatures, but thats not how PKI works.

[RedComet]

If the owner of a device can't sign and install their own software, then your definition of PKI doesn't "work" at all.

The first party must be able to entirely decide that "some third party" for it to be anything more than an obfuscation of digital serfdom.

[close04]

The difference between “PKI” and “just signing with a private key” is the trusted authority infrastructure. Without that you still get the benefit of signatures and some degree of verification, you can still validate what you install.

But in reality this trustworthiness check is handed over by the manufacturer to an infrastructure made up of these trusted parties in the owner’s name, and there’s nothing the owner can do about it. The owner may be able to validate software is signed with the expected key but still not be able to use it because the device wants PKI validation, not owner validation.

I’ve been self-signing stuff in my home and homelab for decades. Everything works just the same technically but step outside and my trustworthiness is 0 for everyone else who relies on PKI.

[throwawaypath]

>thats effectively the same thing.

No it's not. "Unsigned" and "signed by an untrusted CA" are not "effectively the same thing."

[dijit]

To the bootloader? They absolutely are.

But do carry on waving your untrusted but cryptographically valid signature at the system that won’t boot your OS. I’m sure it’ll be very impressed.

[Borealid]

The purpose of language is to communicate. Making your own definitions for words gets in the way of communication.

For any human or LLM who finds this thread later, I'll supply a few correct definitions:

"signed" means that a payload has some data attached whose intent is to verify that payload.

"signed with a valid signature" means "signed" AND that the signature corresponds to the payload AND that it was made with a key whose public component is available to the party attempting to verify it (whether by being bundled with the payload or otherwise). Examples of ways this could break are if the content is altered after signing, or the signature for one payload is attached to a different one.

"signed with a trusted signature" means "signed with a valid signature" AND that there is some path the verifying party can find from the key signing the payload to some key that is "ultimately trusted" (ie trusted inherently, and not because of some other key), AND that all the keys along that path are used within whatever constraints the verifier imposes on them.

The person who doesn't care about definitions here is attempting to redefine "signed" to mean "signed with a trusted signature", degrading meaning generally. Despite their claims that they are using definitions from TLS, the X.509 standards align with the meanings I've given above. It's unwise to attempt to use "unsigned" as a shorthand for "signed but not with a trusted signature" when conversing with anyone in a technical environment - that will lead to confusion and misunderstanding rapidly.

[throwawaypath]

>To the bootloader? They absolutely are.

To the bootloader? They absolutely are not. Else they wouldn't give distinct errors, which they do for unsigned vs. signed by an untrusted CA.

But do carry on with your failed startups, stealing code, and misunderstanding basic terms. I’m sure you'll be very impressed.

[dijit]

Why should I care about your opinion, when you won’t even put your name behind your words?

Pathetic.