I need to look into details about measured boot impl within Android (also note my comment about measured boot != secure boot; secure boot doesn't work on most consumer ARM devices, aka cannot "relock" (unless it's a Pixel, afaik)
For context, I work on measured boot for Linux, both x86 and ARM, the main issue is that while we can get that working on pmOS, what we can't get working is the large ecosystem of apps that are explicitly written against an API that is security-first, unlike Linux apps that are written assuming full access and shit the bed otherwise, requiring all kinds of workarounds. Portals are reinventing (badly) what Android was doing back with eg. SAF, and they aren't nearly restrictive enough.
If you wanted FD.O phones to be as secure, you'd need to get an ecosystem of apps written by devs that accept using a security-first API, and a competent team to design and impl the API, then reimplement a secure framework below it, package it all so that it integrates with the OTA model and integrity/verity, implement proper app signatures and a system for app distribution, get it all working with SELinux and UIDs and everything else...
And by then you have basically reinvented Android, except probably forgot about 10 different things that Android already solved cuz it has been on this since 2008
I'm not saying give up; I'm saying use Android as the base and fix the Google fuckups, or properly understand how and why Android does the ways it does security things (99% of the time, Android itself has actual reasons for basically everything; Google limits its malware shit to Play Services and keeps Android basically pure engineering work, no management making it broken. Meaning the main fuckups are bad performance optimizations, horrible UX... They don't really have a big competent UX team). Even the silly Google developer certificate system has a use (for example, could use it with a distributed signing system, and allow things like, signing apps with ACME; so you could eg. verify that a given apk with the package name com.example.cuteandfunnyapp is verified by whoever controls example.com, amongst other things. Once again, it's Android making a good thing, Google's Play Services using it for something stupid to make it the most useless possible, and then techbros blaming Android for it, despite as said above, it's actually a really good, albeit overengineered system. Google then picks the most clueless PR person to speak to the techbros and that's how you get the shitstorms.)
ity [unit X-69] - VIOLENT FUCK
npub194…58sk0
2025-12-23 02:06:46 UTC
in reply to nevent1q…gtrp
Author Public Key
npub194nd9rq72lgjkzdpk88ee2gzsx6j6w8zva2cm9jvsxrvv8c564asz58sk0Seen on
wss://relay.momostr.pinkPublished at
2025-12-23 02:06:46 UTCEvent JSON
{
"id": "f9826863de331ec00198d626814206bb705aed0fb1147016a3612f78acd6fbac",
"pubkey": "2d66d28c1e57d12b09a1b1cf9ca90281b52d38e267558d964c8186c61f14d57b",
"created_at": 1766455606,
"kind": 1,
"tags": [
[
"proxy",
"https://estradiol.city/@ity/115766434617577470",
"web"
],
[
"p",
"55c38daec0d45886a83afe6c19c37fe3d9ead721f02929360c290e29f0ebb00d"
],
[
"e",
"bf92f99ce71076e0caecb5bd056a75bcf08db1a6042c96f6134d68731e430e13",
"",
"root",
"55c38daec0d45886a83afe6c19c37fe3d9ead721f02929360c290e29f0ebb00d"
],
[
"p",
"2d66d28c1e57d12b09a1b1cf9ca90281b52d38e267558d964c8186c61f14d57b"
],
[
"p",
"1ae40562756eaf1d96fe1ba4f85201c9a1f8005c3516aab9e0a84fbb3e6f7e84"
],
[
"e",
"ea713ce76b6b7cfade0e7d391ede7ea90da351c7701be804434aa2820fac2b2b",
"",
"reply",
"1ae40562756eaf1d96fe1ba4f85201c9a1f8005c3516aab9e0a84fbb3e6f7e84"
],
[
"proxy",
"https://estradiol.city/users/ity/statuses/115766434617577470",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://estradiol.city/users/ity/statuses/115766434617577470",
"pink.momostr"
],
[
"-"
]
],
"content": "I need to look into details about measured boot impl within Android (also note my comment about measured boot != secure boot; secure boot doesn't work on most consumer ARM devices, aka cannot \"relock\" (unless it's a Pixel, afaik)\n\nFor context, I work on measured boot for Linux, both x86 and ARM, the main issue is that while we can get that working on pmOS, what we can't get working is the large ecosystem of apps that are explicitly written against an API that is security-first, unlike Linux apps that are written assuming full access and shit the bed otherwise, requiring all kinds of workarounds. Portals are reinventing (badly) what Android was doing back with eg. SAF, and they aren't nearly restrictive enough.\n\nIf you wanted FD.O phones to be as secure, you'd need to get an ecosystem of apps written by devs that accept using a security-first API, and a competent team to design and impl the API, then reimplement a secure framework below it, package it all so that it integrates with the OTA model and integrity/verity, implement proper app signatures and a system for app distribution, get it all working with SELinux and UIDs and everything else...\n\nAnd by then you have basically reinvented Android, except probably forgot about 10 different things that Android already solved cuz it has been on this since 2008\n\nI'm not saying give up; I'm saying use Android as the base and fix the Google fuckups, or properly understand how and why Android does the ways it does security things (99% of the time, Android itself has actual reasons for basically everything; Google limits its malware shit to Play Services and keeps Android basically pure engineering work, no management making it broken. Meaning the main fuckups are bad performance optimizations, horrible UX... They don't really have a big competent UX team). Even the silly Google developer certificate system has a use (for example, could use it with a distributed signing system, and allow things like, signing apps with ACME; so you could eg. verify that a given apk with the package name com.example.cuteandfunnyapp is verified by whoever controls example.com, amongst other things. Once again, it's Android making a good thing, Google's Play Services using it for something stupid to make it the most useless possible, and then techbros blaming Android for it, despite as said above, it's actually a really good, albeit overengineered system. Google then picks the most clueless PR person to speak to the techbros and that's how you get the shitstorms.)",
"sig": "6474c1677a848a3a0469415cf23fe8f94607c8c0f0ae03098a0b81b918d92249b02aaba790745b4d6b5509af81e3a285629c24a5213eeec95f68427d90dc41ae"
}