bitpunkfm on Nostr: I have an idea for SeedSigner. There's a concern that the seed signer doesn't verify ...
I have an idea for SeedSigner (nprofile…fp7r). There's a concern that the seed signer doesn't verify its own firmware. Which, as I understand it, is because the human writes the SD each time.
Other wallets verify their firmware with a signature. But that's not entirely the truth. Because the bootrom of the microcontroller typically inherently trusts the user bootloader in flash. So what verifies that on boot? Nothing. It's assumed secure because it's hard to access in flash (which is not true; see the recent book on Microcontroller Exploits by Travis Goodspeed).
So here's the idea: boot from a CDROM. It's how we used to do it. The image doesn't change. It might need a modification to uboot and the kernel to allow the cdrom file system, but it should be possible.
It also supports SeedSigner's goal of obfuscation. It will appear like the user is just into CDs.
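The post's argument is that a signed-firmware chain is only as strong as its first link: if the bootrom jumps into whatever bootloader sits in flash without measuring it, a rewritten bootloader passes every later check. The following Python model, an added example that is not part of the post and not SeedSigner or any wallet's code, shows a three-stage boot chain (bootrom, bootloader, firmware; names and byte contents are constructed) in which each stage carries the SHA-256 identity it demands of the next. Flipping `verifying_root` between a bootrom that pins the bootloader's hash and one that trusts flash blindly reproduces the two cases the post contrasts.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass
class Stage:
    name: str
    code: bytes
    # SHA-256 identity this stage demands of the stage after it; None = no check
    next_expected: Optional[bytes] = None


def identity(stage: Stage) -> bytes:
    """What a verifier measures: the stage's code plus the policy it carries."""
    h = hashlib.sha256()
    h.update(stage.code)
    h.update(stage.next_expected or b"")
    return h.digest()


def link_chain(stages, verifying_root: bool):
    """Embed each stage's identity into the stage before it, last to first.
    verifying_root=False mirrors an MCU whose bootrom simply jumps into
    whatever bootloader is in flash (the post's 'typical' case)."""
    for i in range(len(stages) - 2, -1, -1):
        if i == 0 and not verifying_root:
            stages[i].next_expected = None
        else:
            stages[i].next_expected = identity(stages[i + 1])
    return stages


def boot(stages):
    """Run the chain. Returns (names of stages that ran, name of the first
    stage that failed verification or None). Stage 0 is trusted implicitly:
    nothing on the device measures it."""
    ran = []
    for i, stage in enumerate(stages):
        ran.append(stage.name)
        if i + 1 < len(stages) and stage.next_expected is not None:
            if identity(stages[i + 1]) != stage.next_expected:
                return ran, stages[i + 1].name
    return ran, None


def tamper(stages, index: int, new_code: bytes):
    """Model a rewritten stage: whoever rewrites a stage also controls the
    policy it carries, so the rewritten stage verifies nothing downstream."""
    out = [Stage(s.name, s.code, s.next_expected) for s in stages]
    out[index].code = new_code
    out[index].next_expected = None
    return out


def scenario(verifying_root: bool, tampered_index: Optional[int]):
    """Build a fresh chain (constructed sample stages), optionally rewrite one
    stage, and boot it."""
    stages = link_chain(
        [
            Stage("bootrom", b"ROM v1"),
            Stage("bootloader", b"UBOOT"),
            Stage("firmware", b"SEEDSIGNER"),
        ],
        verifying_root,
    )
    if tampered_index is not None:
        stages = tamper(stages, tampered_index, b"EVIL")
    return boot(stages)


if __name__ == "__main__":
    for root_checks in (True, False):
        for idx in (None, 0, 1, 2):
            print(f"bootrom verifies flash={root_checks} tampered={idx}:",
                  scenario(root_checks, idx))
```

Two results carry the post's point: with `verifying_root=False`, rewriting the flash bootloader (`scenario(False, 1)`) boots all three stages with no failure reported, and in either configuration rewriting stage 0 (`scenario(True, 0)`) is never detected, because nothing on the device measures the root. A read-only boot medium does not add a verifier either; what it changes is that the image cannot be silently rewritten in place, so the one hash comparison a human does against the image out of band stays valid across boots.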