this post was submitted on 11 Mar 2026
102 points (99.0% liked)

Privacy

4195 readers
227 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
102
GrapheneOS calls on privacy focused app developers to boycott European Unified Attestation (piunikaweb.com)
submitted 3 days ago by cm0002@libretechni.ca to c/privacy@programming.dev
26 comments fedilink hide all child comments
 

https://grapheneos.social/@GrapheneOS/116200110686604617

you are viewing a single comment's thread
view the rest of the comments
[โ€“] FG_3479@lemmy.world 2 points 20 hours ago (1 children)

If someone injects malware into your GrapheneOS image then the attestation won't pass. That is how it works.

[โ€“] freeman@sh.itjust.works 2 points 20 hours ago

Where did I say a malware injected GrapheneOS image will pass hardware attestation?

The problem is that an unmodified GrapheneOS image may also not pass hardware attestation if the app developer has not whitelisted GrapheneOS's key.

Also I hope GrapheneOS would simply inform the user or refuse to boot if the image does not pass attestation. In that case an app itself requiring attestation, based on it's own list of accepted keys, has no security value, only gatekeeping potential.