Find me a phone that supports secure boot (which is not the same as verified boot btw), and a distro that will run on that phone that properly sandboxes applications (Flatpak does not count, as there are still many security flaws and missing xdg-portals in its implementation.)
Why? That has nothing to do with the topic we’re discussing. You can configure Linux as Android does it, or choose not to.
(Secure Boot is what enables “Verified boot” - which is just Android’s name for a common sense secure boot loader implementation which is the norm in well protected IoT systems etc)
/ex Sony Mobile dev, nowadays IoT hw/fw ethical hacker
Android boots in layers that are encrypted with different keys. The first key in the TPM enlocks the base OS up to the lock screen. From there a pin is entered and the rest of the system is decrypted.
If a compromise happened in the OS the phone would just fail to boot since the integrity of the system is validated by the TPM.
Linux security on phones is not equivalent due to these factors
but Linux supports these things which are either not exact equivalents or would take an entire Dev team with full time funding to do
Can you find me a phone & OS that meets those requirements
Why? that has nothing to do with the topic of Linux security on phones?
are you being serious with me right now? what about my question wasn’t “on topic”? If the hardware and software don’t exist, its not going to happen and you’re making a hypothetical argument to a factual statement.
I would love some more open hardware. I think it is possible for it to happen as long as there is a market for it. The difficult part is getting a 5G chipset that isn’t completely tied to a vendor kernel.
Linux does not suck on phones regarding security. Linux is what brings the security mechanisms faulty ascribed to as being “Android’s”. See previous posters claiming it was all “extensive modifications” by Android and not just Linux security mechanisms.
Feel free to get a Fairphone 4, sign your Ubuntu Touch image with keys supported by the chipset and off you go. The fact that no one is selling you that has no relevance whatsoever to whether “Linux” supports it.
Find me a phone that supports secure boot (which is not the same as verified boot btw), and a distro that will run on that phone that properly sandboxes applications (Flatpak does not count, as there are still many security flaws and missing xdg-portals in its implementation.)
Why? That has nothing to do with the topic we’re discussing. You can configure Linux as Android does it, or choose not to.
(Secure Boot is what enables “Verified boot” - which is just Android’s name for a common sense secure boot loader implementation which is the norm in well protected IoT systems etc)
/ex Sony Mobile dev, nowadays IoT hw/fw ethical hacker
Android boots in layers that are encrypted with different keys. The first key in the TPM enlocks the base OS up to the lock screen. From there a pin is entered and the rest of the system is decrypted.
If a compromise happened in the OS the phone would just fail to boot since the integrity of the system is validated by the TPM.
Yes, that’s how a normal bootchain works in every system ever - like the IoT device running Linux I’m right now working with.
It doesn’t though
Standard Linux doesn’t check for tampering since that requires hardware and firmware support.
I’m sorry but you really have no idea what you’re talking about. Several distros ship with SELinux and Secure Boot by default.
are you being serious with me right now? what about my question wasn’t “on topic”? If the hardware and software don’t exist, its not going to happen and you’re making a hypothetical argument to a factual statement.
I would love some more open hardware. I think it is possible for it to happen as long as there is a market for it. The difficult part is getting a 5G chipset that isn’t completely tied to a vendor kernel.
Linux does not suck on phones regarding security. Linux is what brings the security mechanisms faulty ascribed to as being “Android’s”. See previous posters claiming it was all “extensive modifications” by Android and not just Linux security mechanisms.
Feel free to get a Fairphone 4, sign your Ubuntu Touch image with keys supported by the chipset and off you go. The fact that no one is selling you that has no relevance whatsoever to whether “Linux” supports it.