[liberationtech] Unique Opportunity: Input to CEOs of Smartphone Manufacturers

[Blibbet]

> (1) A unique key built into each device, which can't be read directly
> by software, but which can be used to derive other keys (e.g. for disk
> encryption) at a limited rate, slowing down brute-force attacks
> against such keys.
>
> (2) An effaceable area of flash storage where the operating system can
> store encryption keys for the entire disk and/or individual files,
> making it possible to securely delete the corresponding data without
> having to smash the device into tiny little pieces.
>
> (3) A pony.

Presuming the smartphone is ARM-based, and presuming if (1) is applied, 
it'll probably have ARM TrustZone installed, then:

(4) Install a modern firmware on your smartphone, with useful security 
features.

(4a) Linux-based Coreboot. or

(4b) UEFI.

Use UEFI's SecureBoot feature, to enhance your Linux/Android/B2G/etc OS, 
something none of your competitors are doing, except MS/Win8. To do so, 
you need TPM on x86 or TrustZone on ARM, and you need to get your OS 
vendor to sign the firmware, and not let MS Win8 hardware logo 
requirements confuse you.

Beyond the default TianoCore source, leverage Linaro's ARM-centric fork 
of TianoCore, and Intel's MinnowBoard's UEFI which targets Linux 
(Angstrom/Yocto), but neither of these Linux-centric UEFI targets 
support the SecureBoot feature.

Extend the current UEFI SecureBoot feature, which only targets 1 OS, to 
one that lets you securely boot more-than-1 OS, for systems that want to 
securely multiboot a handful of OSes (not necessarily installed, but 
later, if your device is open, your user may opt to install another 
distro; your job is to gather certs of the major ones, so they can 
securely boot the main distros.)

(5) Learn from FairPhone's model. Compete with them, by making something 
*more* open.

Thanks.