Hacker News new | past | comments | ask | show | jobs | submit login

This is trivially avoided by adding a setup password. Additionally, the system could display a hash of the keystore at boot - AIUI, Purism has worked on something like that.



This doesn't help ordinary users who aren't going to check the hash at boot.


OK, so we're talking about users who have unlocked the system themselves and enrolled a user key onto it, but aren't going to notice if it changes unexpectedly? Suuure.


No, you also have to include users who would like to run "stock" Chrome OS and continue trusting Google's keys. How do you protect them?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: