**Adrian Cochrane** @alcinnz@floss.social · Oct 25, 2018, 19:41

**Adrian Cochrane** @alcinnz@floss.social · Oct 25, 2018, 19:41

Adrian Cochrane @alcinnz@floss.social

Oct 25, 2018, 19:41

Adrian Cochrane @alcinnz@floss.social

And here's where many of us here, including me, differ from Apple:

"We agree with Apple that security is at the heart of all data privacy and privacy rights. Where we disagree is in who holds the keys. Your data isn’t truly private or secure, if someone else holds the keys."

Purism, https://puri.sm/posts/apple-is-right-about-privacy-but-wrong-about-freedom/

**Adrian Cochrane** @alcinnz@floss.social · Oct 25, 2018, 19:42

**Adrian Cochrane** @alcinnz@floss.social · Oct 25, 2018, 19:42

Oct 25, 2018, 19:42

Adrian Cochrane @alcinnz@floss.social

"It’s true that Apple goes to great lengths to lock down their devices from attackers, but like with Google and other proprietary vendors, those locks also lock you out."

**aloapidd** @ddipaola@cybre.space · 2018-10-25T19:47:28Z

aloapidd @ddipaola@cybre.space

@alcinnz I really wish the Chromebook's firmware write disabling screw was on more devices 😑. (but ChromeOS sucks. I run a real OS on mine)

yes, it means evil maid attacks are possible, but I want to rewrite my bootloaders if I want to, dammit!

Oct 25, 2018, 19:47 · · Tusky · · ·

**Adrian Cochrane** @alcinnz@floss.social · Oct 25, 2018, 19:51

**Adrian Cochrane** @alcinnz@floss.social · Oct 25, 2018, 19:51

Oct 25, 2018, 19:51

Adrian Cochrane @alcinnz@floss.social

@ddipaola That screw sounds like a good idea. So you screw it in and it'll block your BIOS settings changing until you unscrew it?

**aloapidd** @ddipaola@cybre.space · Oct 25, 2018, 20:16

**aloapidd** @ddipaola@cybre.space · Oct 25, 2018, 20:16

Oct 25, 2018, 20:16

aloapidd @ddipaola@cybre.space

@alcinnz yep! the screw is in by default and bridges two pads on the PCB that forces the write pin of the SPI flash ROM (containing the firmware) to "off". when the user wants to enable firmware writes, remove the screw, then put it back in to guarantee that even malware with root access can't flash the chip!

**aloapidd** @ddipaola@cybre.space · Oct 25, 2018, 20:21

**aloapidd** @ddipaola@cybre.space · Oct 25, 2018, 20:21

Oct 25, 2018, 20:21

aloapidd @ddipaola@cybre.space

@alcinnz citation on the write-protect screw: https://libreboot.org/docs/install/c201.html#removing-the-write-protect-screw

**sowth** @sowth@freeradical.zone · Oct 25, 2018, 19:57

**sowth** @sowth@freeradical.zone · Oct 25, 2018, 19:57

Oct 25, 2018, 19:57

sowth @sowth@freeradical.zone

@ddipaola @alcinnz this whole "Trusted Computing" mess was conceived by the MPAA and RIAA, then the OS companies decided they can lock out competition by using it. Down with the SSSCA and CBDTPA!

**Adrian Cochrane** @alcinnz@floss.social · Oct 25, 2018, 20:02

**Adrian Cochrane** @alcinnz@floss.social · Oct 25, 2018, 20:02

Oct 25, 2018, 20:02

Adrian Cochrane @alcinnz@floss.social

@sowth @ddipaola Certainly! I don't trust "Trusted Computing".

It's a way to lock me out of my own computer.

**aloapidd** @ddipaola@cybre.space · Oct 25, 2018, 20:18

**aloapidd** @ddipaola@cybre.space · Oct 25, 2018, 20:18

Oct 25, 2018, 20:18

aloapidd @ddipaola@cybre.space

@alcinnz @sowth I wouldn't mind it as much if I could install my own signing keys but, yes, it is a *very* slippery slope. they can revoke our freedom at any point.

I'd much rather have simple hardware-based protections than Secure Boot.

Resources

Developers

What is Mastodon?

cybre.space

More…