rich1.0Dr. Hax (npub16v…meqha)https://yabu.me/npub16v82nr4xt62nlydtj0mtxr49r6enc5r0sl2f7cq2zwdw7q92j5gs8meqhanjumphttps://yabu.mePeople really overestimate how strong the security of "secure enclaves" (Trusted Execution Environments (TEEs)) are when it comes to physical access. nostr:nevent1qqsvz7qcp6mq00ajrsf77kgzwvqjdarteze80879ymlfprv3tqq5xygpz4mhxue69uhkummnw3ezummcw3ezuer9wchsygyckg2msm4e7sydvmqrygkymt7tu4e3ue9azaxea04z4fdj3exf4upsgqqqqqqsha3yz3 Projects like nostr:nprofile1qqs09jtvjlmyrxjn37zv70a89csegcz7rpyqjmnw29cveedhv7vagqqpz4mhxue69uhk2er9dchxummnw3ezumrpdejqz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcpzpmhxue69uhkummnw3ezuamfdejs92xe5k bypass this by design. They go even further than Signet goes in that they don't persistently store any data at all. Signet stores encrypted data, but not the keys to decrypt them. After all, if you could remember all your passwords and enter them in on each boot, then you don't need a password manager! TEEs store the keys themselves (for checking signatures of secure boot, decrypting data on disk, etc.) There's some variation on how they're used by different projects, but this is generally true and the lack of security is why QubesOS doesn't rely on secure boot for security.