• Emerald@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              6 months ago

              Does your laptop run free software boot firmware? If not, it has the same issues as a phone, if not more. No smartphone runs fully free firmware.

                • Emerald@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  6 months ago

                  Framework doesn’t have free boot firmware either and it contains the Intel ME (the backdoor in Intel CPU’s). The point I am trying to make is that you won’t find a perfect solution anywhere.

                  • 𝕸𝖔𝖘𝖘@infosec.pub
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    6 months ago

                    You’re right, but I never said perfect. Perfect doesn’t exist. I’m looking for reasonable and sustainable. Projects like framework and libreboot are making this possible for the first time in history. But, like you eluded to, they, too, won’t be perfect.

    • Emerald@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      6 months ago

      Well pretty much all computers have a backdoor to the CPU. That hasn’t been proven for Pixel phones though.

    • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.comOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      6 months ago

      I fucking hate Google and wouldn’t use any of their (proprietary) software, but Pixel phones are amazing. Hear me out, Google is the only phone manufacturer right now, that puts extensive hardware security features like MTE, a secure element, as well as a bunch of others in their phones. The Google Titan M2 is based on an open-source project called OpenTitan, and Google has even contributed their own changes upstream. It’s based on the open RISC-V architecture, and it’s the most complete and secure implementation of a secure element that you can find in an Android phone. The only thing that comes even close is the “Secure Enclave” in Apple ARM chips, that are used in modern iPhones, iPads and Macs. I understand the concern about a potential backdoor in the firmware, but that’s a valid concern with basically every CPU on the market right now. x86 are ARM are completely proprietary, so you can’t really trust any CPU based on one of these architectures. The old Google Titan M1 was based on ARM, Apple’s Secure Enclave is also based on ARM, as well as Snapdragon’s SPU (which is incomplete and insecure anyway). The Titan M2, being based on open hardware architecture and firmware, is the most trustworthy secure element, despite being made by Google. It includes features like Insider Attack Resistance, support for the Weaver API, Android StrongBox hardware keystore implementation and is used for a secure implementation of Android Verified Boot. GrapheneOS is free, open-source, and doesn’t use any proprietary Google apps/services by default. Although I hate Google, a Pixel with GrapheneOS is currently the best option for a secure smartphone.