2025-10-31 00:07:04 UTC

Dr. Hax on Nostr: People really overestimate how strong the security of "secure enclaves" (Trusted ...

People really overestimate how strong the security of "secure enclaves" (Trusted Execution Environments (TEEs)) is when it comes to physical access.
Today I helped a user compile the #signet client for an #ARM based version of #MacOS.

It required changing a couple library paths, and I've already upstreamed those changes to the latest copy of the repo.

This was something I've been wanting to test for a long time now, but I don't have the hardware and it's hard to get the time of someone who does. But we did it. Together.

Hardware secured encryption is #cipherpunk meets #cyberpunk ✊

signet - And physical access is within our threat model!

Contrast that to the way hardware security works when made by Intel, AMD or ARM:
https://infosec.exchange/@dangoodin/115459944536890363

Projects like bypass this by design. They go even further than Signet goes in that they don't persistently store any data at all.

Signet stores encrypted data, but not the keys to decrypt them. After all, if you could remember all your passwords and enter them in on each boot, then you don't need a password manager!

TEEs store the keys themselves (for checking signatures of secure boot, decrypting data on disk, etc.). There's some variation in how they're used by different projects, but this is generally true, and the lack of security is why QubesOS doesn't rely on secure boot for security.