2026-03-09T21:04:30Z https://yabu.me fox https://yabu.me/npub1wlz7m48jk52wsesrkzhfjhr28gkvw0me3we4yp7zrk3d2wzynp6qzaz68j https://yabu.me/nevent1qqs9l67jzdvjrcaa394x3f7ly66wakf6ucpe98fu7atf2dl0pu3sj8gzypmutmw57263f6rxqwc2ax2udgaze3el0x9mx5s8cgw694fcgjv8grg74sf In reply to <a href='/nevent1qqsf8pgakg40fdujkvlzw6m82k3pu5am7wqsy3e2gx0t7xgxmss0twgpz4mhxue69uhhyetvv9ujuerfw36x7tnsw43q3awctf'>nevent1q…wctf</a><br/>_________________________<br/><br/><span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqtva8g98fx0fks0pt38vr75tv02t30qd5ev7n5v7fcpl6t44hf7kqzp8d0p" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqtva8g98fx0fks0pt38vr75tv02t30qd5ev7n5v7fcpl6t44hf7kqzp8d0p</span> (<span class="italic">nprofile…8d0p</span>)</a></span> If that is the case, then IMO uattest is actually better. A CA like uattest, as bad as it sounds, will probably be more amenable to allowing reasonably secure alternative OS like LineageOS. You only need to persuade one entity. While if each app gets to decide then you have to convince each dev, bank, gov to allow your OS. That doesnt sound very practical. And the uattest proposal can be implemented right now on most devices while most devices dont have a security chip at the moment. 2026-03-09T19:50:22Z https://yabu.me/nevent1qqsf8pgakg40fdujkvlzw6m82k3pu5am7wqsy3e2gx0t7xgxmss0twgzypmutmw57263f6rxqwc2ax2udgaze3el0x9mx5s8cgw694fcgjv8gqc0vqr In reply to <a href='/nevent1qqs8lf5ngn6fvny40ju4l25r4zr0u6nuld0e8zcz2vmp7hqca9wdjvcpz4mhxue69uhhyetvv9ujuerfw36x7tnsw43qvxn4vl'>nevent1q…n4vl</a><br/>_________________________<br/><br/><span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqtva8g98fx0fks0pt38vr75tv02t30qd5ev7n5v7fcpl6t44hf7kqzp8d0p" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqtva8g98fx0fks0pt38vr75tv02t30qd5ev7n5v7fcpl6t44hf7kqzp8d0p</span> (<span class="italic">nprofile…8d0p</span>)</a></span> So if Im understanding this correctly, what GOS wants is for apps to use an API that will interface with a hardware chip like the titan m2 and will report that the bootloader is locked etc and also report the signing key to apps? Then it would be up to the app to trust that key (which necessitates an allowlist of sorts maintained by apps individually). Is my understanding correct? 2026-03-09T19:23:11Z