hellekin: > On 11/15/2013 01:49 PM, Andreas Kuckartz wrote: > >> A chicken-and-egg or bootstrapping problem. It obviously is not >> trivial to solve. And it includes the operating system. > > *** I guess you can use plural here: operating systems, since > phones are now (ahaha) known to run another chip-borne, proprietary > operating system that accesses to any peripheral from USB to GPS.
Plural, yes. There are at least two operating systems in a modern mobile phone: The "main" one such as Android or CyanogenMod and the one on the SIM card. (In a support phone call with my mobile service provider the support person informed me that they would "restart your card" in a few minutes. The problem then disappeared.) > A simple approach to the bootstrapping problem is to ship software > as part of the operating system. But how do you know that the shipped operating system was not compromised? Where is the trust anchor? I have seen a mail on the Tails mailing list about how to ensure or verify that the content of a USB memory stick with Tails was not modified. That is non-trivial when the number of USB sticks is large. Cheers, Andreas
