**** BEGIN LOGGING AT Fri Feb 10 03:00:02 2017
Feb 10 10:07:08 pabs3: if only that nice Tomislav fellow from the KNOX team was working for the benefit of the users, to allow the device owner to use a verified boot chain for arbitrary code...
Feb 10 12:10:10 such a concept has no standing in the management board of any hw building huge nasty company
Feb 10 12:11:03 they worked for long to get where they are now, why would they drop the ball just to look nice
Feb 10 12:16:56 I guess I should ask AZonenberg if he's working on RE-ing the ARM TrustZone/M-Shield code and root cert from chip ROM
Feb 10 12:17:21 S/code/ROMBL code/
Feb 10 12:21:27 then, I'm afraid ARM built their shit so smart that even when somebody would RE the root public (hidden invisible) mask-programmed(?) cert *and* crack the private key for it, still you could only one-time-program the customer-proprietary 2nd level cert that verifies the signature of MLO
Feb 10 12:24:34 and since all devices like Samsung use a SoC that has that assumed / suspected 2nd level customer proprietary key programmed by the original SoC manufacturer for their customer Samsung, us hackers would gain nothing in real life from knowing the mask-programmed root cert
Feb 10 12:24:49 (me massively speculating above)
Feb 10 12:30:46 at ST-E the standard tale was our devel boards had NOVATHOR chips with an R&D cert that won't work on consumer products aka chips sold to Nokia or whomever, so even if we had written a liberal aka 'open mode' MLO first stage bootloader (pragma origin 0, being ROMBL), and had sneaked it in to sign it on that *one* [!!!] signature server in allegedly a Save in Ericsson headquarters, it would be useless for any mass market devices
Feb 10 12:31:47 Safe*
**** ENDING LOGGING AT Sat Feb 11 03:00:01 2017