{"type":"rich","version":"1.0","title":"Dr. Hax wrote","author_name":"Dr. Hax (npub16v…meqha)","author_url":"https://yabu.me/npub16v82nr4xt62nlydtj0mtxr49r6enc5r0sl2f7cq2zwdw7q92j5gs8meqha","provider_name":"njump","provider_url":"https://yabu.me","html":"People really overestimate how strong the security of \"secure enclaves\" (Trusted Execution Environments (TEEs)) is when it comes to physical access.\n\nnostr:nevent1qqsvz7qcp6mq00ajrsf77kgzwvqjdarteze80879ymlfprv3tqq5xygpz4mhxue69uhkummnw3ezummcw3ezuer9wchsygyckg2msm4e7sydvmqrygkymt7tu4e3ue9azaxea04z4fdj3exf4upsgqqqqqqsha3yz3\n\nProjects like nostr:nprofile1qqs09jtvjlmyrxjn37zv70a89csegcz7rpyqjmnw29cveedhv7vagqqpz4mhxue69uhk2er9dchxummnw3ezumrpdejqz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcpzpmhxue69uhkummnw3ezuamfdejs92xe5k bypass this by design. They go even further than Signet goes in that they don't persistently store any data at all.\n\nSignet stores encrypted data, but not the keys to decrypt it. After all, if you could remember all your passwords and enter them on each boot, then you wouldn't need a password manager!\n\nTEEs store the keys themselves (for checking signatures of secure boot, decrypting data on disk, etc.). There's some variation in how they're used by different projects, but this is generally true, and the lack of security is why QubesOS doesn't rely on secure boot for security."}
