seba_dos1, today at 6:31 AM

Any bootloader or OS that doesn't allow the user to tamper with it or the other tools they're using on it is obviously illegitimate malware.


Replies

AppAttestationz, today at 7:29 AM

It's a funny comment, because actual malware very much loves to tamper with the bootloader and OS.

Which was the motivation for cryptographically attesting the boot process and OS, and in part paved the way for app attestation.

There are alternatives though: The Android Hardware Attestation API enables attestation on custom ROMs, but the attestation verifier needs a list of hashes for all "acceptable" ROMs. GrapheneOS publishes these but there's nobody, to my knowledge, maintaining a community list.

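The verifier-side policy the reply describes, sketched as an added example that is not code from the thread, from GrapheneOS or from Android: it assumes the attestation certificate chain has already been validated and the RootOfTrust fields of the key attestation extension already decoded. The field names and the VerifiedBootState values follow the Android key attestation schema; the allowlist contents, the ROM names and every hash below are constructed placeholders, not published values.

```python
"""Allowlist-based acceptance policy for an Android Key Attestation RootOfTrust.

Assumes the caller has already verified the attestation certificate chain and
decoded the RootOfTrust structure from the key attestation extension. This
code evaluates only the policy question: is this boot state an acceptable ROM?
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, FrozenSet, Tuple


class VerifiedBootState(IntEnum):
    # Enumeration values as defined in the Android key attestation schema.
    VERIFIED = 0      # booted with the OEM's key
    SELF_SIGNED = 1   # booted with a user-installed (custom ROM) key
    UNVERIFIED = 2    # verification disabled
    FAILED = 3        # verification attempted and failed


@dataclass(frozen=True)
class RootOfTrust:
    verified_boot_key: bytes          # digest of the verified boot public key
    device_locked: bool               # bootloader lock state
    verified_boot_state: VerifiedBootState
    verified_boot_hash: bytes         # digest of the verified partitions


@dataclass(frozen=True)
class RomEntry:
    name: str
    # Acceptable verified_boot_hash values for this key; an empty set accepts
    # any build signed with the key (key pinning only).
    boot_hashes: FrozenSet[bytes]


# Constructed allowlist keyed by verified boot key digest. A real one would be
# filled from hashes each ROM project publishes for its signing key and builds.
ROM_ALLOWLIST: Dict[bytes, RomEntry] = {
    bytes.fromhex("11" * 32): RomEntry("ExampleROM (constructed)", frozenset()),
    bytes.fromhex("22" * 32): RomEntry(
        "PinnedBuildROM (constructed)",
        frozenset({bytes.fromhex("aa" * 32), bytes.fromhex("bb" * 32)}),
    ),
}


def evaluate(rot: RootOfTrust, allowlist: Dict[bytes, RomEntry]) -> Tuple[bool, str]:
    """Return (accepted, reason) for a decoded RootOfTrust.

    Order matters: an unlocked bootloader or a failed/disabled verification
    makes the key and hash fields meaningless, so they are rejected before
    the allowlist is consulted.
    """
    if not rot.device_locked:
        return False, "bootloader unlocked: verified boot gives no guarantee"
    if rot.verified_boot_state not in (VerifiedBootState.VERIFIED,
                                       VerifiedBootState.SELF_SIGNED):
        return False, f"verified boot state {rot.verified_boot_state.name} not acceptable"
    entry = allowlist.get(rot.verified_boot_key)
    if entry is None:
        return False, "verified boot key not in allowlist"
    if entry.boot_hashes and rot.verified_boot_hash not in entry.boot_hashes:
        return False, f"{entry.name}: key known but build hash not recognised"
    return True, f"accepted: {entry.name}"


# Constructed sample inputs for the reader; not real device values.
SAMPLE_CUSTOM_ROM = RootOfTrust(
    bytes.fromhex("11" * 32), True, VerifiedBootState.SELF_SIGNED, bytes.fromhex("cc" * 32))
SAMPLE_UNLOCKED = RootOfTrust(
    bytes.fromhex("11" * 32), False, VerifiedBootState.SELF_SIGNED, bytes.fromhex("cc" * 32))
SAMPLE_UNKNOWN_BUILD = RootOfTrust(
    bytes.fromhex("22" * 32), True, VerifiedBootState.SELF_SIGNED, bytes.fromhex("dd" * 32))
SAMPLE_PINNED_BUILD = RootOfTrust(
    bytes.fromhex("22" * 32), True, VerifiedBootState.SELF_SIGNED, bytes.fromhex("aa" * 32))

if __name__ == "__main__":
    for label, rot in [("custom ROM, key pinned", SAMPLE_CUSTOM_ROM),
                       ("unlocked bootloader", SAMPLE_UNLOCKED),
                       ("unknown build of known key", SAMPLE_UNKNOWN_BUILD),
                       ("pinned build", SAMPLE_PINNED_BUILD)]:
        print(f"{label}: {evaluate(rot, ROM_ALLOWLIST)}")
```

The point of the two-level allowlist is the maintenance burden the reply alludes to: pinning only the signing key means a ROM project can ship updates without the verifier changing anything, while pinning per-build hashes gives a tighter guarantee but needs someone to keep the list current for every release.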