A friend, @chloetankahhui, has been speaking up against the proposal to enforce age verification at the OS level, and the QRTs to this show the extent of naivety that a lot of people have.

No one who does hardware security believes that any system is bulletproof, but do you really think that circumventing these things will always be a simple firmware mod or hardware hack?

Let's dive in. /1

Since the late 2000s, computer chipsets have shipped with security processors like Intel Management Engine and AMD Platform Security Processor.

Part of their job is to verify that the UEFI firmware is from the computer OEM and has not been tampered with or come from a 3rd party. /2

How do these security processors verify the firmware integrity?

Through a set of cryptographic keys and their hashes, which are used to verify the cryptographic signature of the UEFI firmware. These keys or hashes are *burned* into the processor and cannot be changed. /3
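As an added example (not part of this thread, and not code from any vendor's Boot Guard, ME or PSP implementation), here is a small Python model of the chain described in /2 and /3: the OEM's public key is hashed and that hash alone is "burned" into the security processor, the firmware image ships with the public key and a signature, and the ROM first checks the key against the fuse and then checks the signature over the image. It uses a Lamport hash-based signature built on SHA-256 from the standard library as a stand-in for the RSA/ECDSA signatures real platforms use; the fuse value, the sample image and the three scenarios are constructed for illustration.

```python
import hashlib
import os


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Lamport one-time signature: a real hash-based scheme, used here only
# --- as a stand-in for the RSA/ECDSA signatures production firmware uses.
def lamport_keygen():
    # Private key: 256 pairs of random 32-byte secrets (one pair per digest bit).
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    # Public key: the SHA-256 of every secret.
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def _digest_bits(message: bytes):
    digest = sha256(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, message: bytes):
    # For each bit of H(message), reveal the secret selected by that bit.
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]


def lamport_verify(pk, message: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    # Each revealed secret must hash to the public-key entry the bit selects.
    return all(sha256(sig[i]) == pk[i][bit]
               for i, bit in enumerate(_digest_bits(message)))


def serialize_pk(pk) -> bytes:
    return b"".join(a + b for a, b in pk)


def burn_fuse(pk) -> bytes:
    """What the OEM provisions once at the factory: only H(public key).
    In hardware this value lives in one-time-programmable fuses (constructed model)."""
    return sha256(serialize_pk(pk))


def rom_verify_firmware(fuse_hash: bytes, pk, firmware: bytes, sig):
    """Model of the boot ROM / security processor check. Returns (ok, reason)."""
    # Step 1: the key that travels with the image must hash to the fused value,
    # so swapping in a third party's key fails before any signature math runs.
    if sha256(serialize_pk(pk)) != fuse_hash:
        return False, "key hash does not match fuse: not the OEM's key"
    # Step 2: the signature over the whole image must verify under that key,
    # so any modification of the image fails.
    if not lamport_verify(pk, firmware, sig):
        return False, "signature invalid: image modified or signed with another key"
    return True, "firmware accepted"


def demo():
    """Three scenarios on a constructed sample image: genuine, tampered, third-party key."""
    oem_sk, oem_pk = lamport_keygen()
    fuse = burn_fuse(oem_pk)  # immutable after provisioning
    firmware = b"UEFI image v1.0 (constructed sample)"
    sig = lamport_sign(oem_sk, firmware)

    results = {}
    results["genuine"] = rom_verify_firmware(fuse, oem_pk, firmware, sig)[0]
    # Same key and signature, but the image was patched after signing.
    results["tampered"] = rom_verify_firmware(fuse, oem_pk, firmware + b"patched", sig)[0]
    # A perfectly valid signature from someone who is not the OEM.
    other_sk, other_pk = lamport_keygen()
    other_sig = lamport_sign(other_sk, firmware)
    results["third_party"] = rom_verify_firmware(fuse, other_pk, firmware, other_sig)[0]
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:12s} -> {'accepted' if ok else 'rejected'}")
```

The point the model makes is that only a hash sits in the fuses: the key itself is just data in the firmware image, so there is nothing to "replace" on the chip, and a different key is rejected at step 1 before the signature is even examined. Whether the check is enforced at all is, as the thread says, a policy decision by whoever controls the fuses.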

For now, these functions are not strictly enforced or turned on in a lot of consumer devices.

But is there anything stopping nation states from forcing hardware manufacturers and OEMs to do so?

What options do you have in such a case? /4

There have been vulnerabilities in ME and PSP, and there MAY BE a way for users to bypass these checks.

But this assumes:
- Someone out there will put in labor to circumvent these things and release it freely, even at great expense.
- A simple, user-doable hack even exists.

/5

Again, no one assumes that any system can be made 100% bulletproof. But that was never the point, was it?

The end game is for manufacturers to harden their devices against cheaper tools and raise the barrier to entry such that it costs a fortune for hackers who might even try. /6

This is why GiovanH's blog article is a must-read.

People assume that accessible hacks of invasive systems will always exist, and users hacking their devices is to be expected.

THIS SHOULDN'T BE A NORM. THIS IS AN ARMS RACE AND WE'RE OUTMATCHED. /7

https://blog.giovanh.com/blog/2025/10/14/a-hack-is-not-enough/

People who think "oh we'll just buy Chinese motherboards and chips" or "just use open source hardware"

WHO FABRICATES THE BOARDS AND CHIPS FOR OSHW? DO YOU BELIEVE STATES LIKE CHINA AREN'T INTERESTED IN SIMILAR MEASURES OF CONTROL?

This is the tech equivalent of tankie-ism.

/8

Go on, circumvent these measures & keep our tech open and free.

But know that many hackers find basic hardware hacking tools too costly and out of reach. WE'RE OUTRESOURCED.

PUSH BACK BEFORE THESE POLICIES BECOME NORMALIZED. DON'T RELY ON HACKING ALONE TO SAVE US.

/END

@sleepyowl Intel is extending BootGuard with FSP signing too (which is a blob doing all memory/silicon init magic behind the scenes) which was specifically requested by delusional vendors like AMI.

We had some heated discussions with their engineers about it because they wanted to move the reset vector(!) to be owned by FSP-O before allowing actual firmware to execute (kinda like TF-A on ARM64).
Eventually everyone in the meeting went quiet and let me cook, it was a bit comical (me vs. three engineers from Intel), where I suggested extending CSME with its own cache (as RAM is initialized much later) that can check the status of EFUSEs and validate FSP signatures before releasing x86 cores from reset (which is nothing new, that's also what AMD is doing with PSP and PSB) if BootGuard is enabled and the board went through EOM.

In any case, they wanted to make it mandatory in the beginning. We pushed back, which brought Intel to the negotiating table and made them change their minds. You can clearly see though that vendors don't care about the openness of their platforms (unless money is involved) and the real ROT is in the hardware.
Whoever makes the SoC and board, whoever rolls cryptographic keys *truly* owns the platform (or in other words - your hardware belongs to entity burning their signing keys into the "BootROM").

Circumventing those protections is not viable, and saying "I'll buy second-hand" or "I'll buy from China" is simply... delusional. If every piece of hardware became locked-down, you wouldn't be able to upgrade your hardware past a certain point whatsoever. Buying from China might work for now, sure... but guess what would happen if China's SoC manufacturers got equally as big as, let's say, Intel/AMD/Qualcomm?
Yep, you've guessed it - same exact thing.

@elly @sleepyowl

>but guess what would happen if China's SoC manufacturers would get equally as big as let's say, Intel/AMD/Qualcomm?

the executives would inevitably complain about state regulation, and the state's usual response for this is (for this day and age) surprisingly cathartic.

@elly @sleepyowl imo the urgent crisis rn is with Android OEMs which are walking back on the whole "OEM unlock bootloader" contract. Full control from the reset vector up was always hard to get (esp. on retail consumer devices) beyond a certain level of platform complexity, was always a freedom-nerd niche desire. But both the PC and Android contracts included custom OS support because there's real demand for that. Evidently some vendors are still somewhat cool (Moto collab with Graphene sounds positive?) but between Xiaomi announcing straight up "no more unlock for you" and OnePlus doing weird efuse-blowing things it's the most worrying space right now x_x

We really need to build an actually compelling and desirable platform (see the Modal.cx vision) with the best FOSS components we have, with which we would be able to campaign for our requirements much better. IMO just having abstract and nerdy demands would never get wider political/regulatory/business/NGO/etc attention, while "this is the free people's digital sovereignty sustainable green repair awesomeplatform we want X Y Z requirements to be met for our future innovation to unlock freedom horizons and independent sovereign cyber security" is the best shot we can have.

@valpackett @sleepyowl If I would have:
- Some free time (~3 days)
- Money
- People from countries other than France, Netherlands, Germany, Poland (need 3 more)
I would finish this and start European Citizens Initiative: https://md.sakamoto.pl/Z0qF0ZoARuOrWKuPCQYH-g#
Smartphone ecosystem problems: Overview for policymakers - HedgeDoc

@elly @sleepyowl @valpackett If you just need someone to sign, I have also been complaining about Play Protect and the lack of unlockable bootloaders, and I am an Italian citizen (though not resident in the EU).

@elly @sleepyowl @valpackett Looks like great work so far. Thumbs up

@elly @sleepyowl @valpackett Is money the hardest part? How much are we talking? The 3 extra ppl sounds like it should be easy? (I know ppl who probably care about this in at least Croatia + Denmark)


I remember that ever since a few years ago I have always been thinking in my mind of making a company that would be making phone SoCs (including phones with the vendor chip) and baseband chips just as good and efficient as Qualcomm or Mediatek, but 100% open source down to the baseband code, which is something that companies fear over certification and company policy, so that I could prove to the world that baseband code can be audited and not be behind proprietary blobs. But that will for now be an imagination and more of an alternative universe of mobile tech.