Librem 5 security

Yes… though only if the device owner and end user is the only one with the signing keys. Assuming that there aren’t any vulnerabilities in the trusted world bootcode (I’ll give you a minute to stop laughing), you can use it to ensure that nobody can subvert your phone by installing boot-time trojans. The main opposition from our perspective to commercial phone usage of trusted enclaves is that we are not the ones who control that root key and as such are not the actual device owners.

Qubes OS, for instance, makes use of a TPM - https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html and https://www.qubes-os.org/doc/hcl/

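The Anti Evil Maid idea referenced above, as an added example that is not part of the original post or of Qubes' AEM code: a simulated TPM PCR measurement chain plus a toy seal/unseal bound to it, so a secret the device owner sealed against a known-good boot chain cannot be recovered once any boot stage changes. The stage images, names and the seal construction are constructed placeholders, not Librem 5 firmware or real TPM commands.

```python
import hashlib
import hmac
from typing import Optional, Sequence

PCR_SIZE = 32  # SHA-256 PCR bank, as on TPM 2.0

def measure_chain(components: Sequence[bytes]) -> bytes:
    """Replay a PCR: start at zeros, extend with sha256(pcr || sha256(stage))
    for each boot stage in order, so a change in any stage alters the result."""
    pcr = bytes(PCR_SIZE)
    for stage in components:
        pcr = hashlib.sha256(pcr + hashlib.sha256(stage).digest()).digest()
    return pcr

def _policy_key(pcr: bytes) -> bytes:
    # Toy stand-in for a TPM sealing policy keyed on the PCR value.
    return hashlib.sha256(b"seal-policy|" + pcr).digest()

def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret (<= 32 bytes) to one expected PCR value."""
    assert len(secret) <= PCR_SIZE, "toy construction handles one block"
    key = _policy_key(expected_pcr)
    stream = hashlib.sha256(b"keystream|" + key).digest()
    ct = bytes(s ^ k for s, k in zip(secret, stream))
    tag = hashlib.sha256(b"tag|" + key + ct).digest()
    return {"ct": ct, "tag": tag}

def unseal(blob: dict, current_pcr: bytes) -> Optional[bytes]:
    """Return the secret only if the current PCR reproduces the sealing policy."""
    key = _policy_key(current_pcr)
    expected_tag = hashlib.sha256(b"tag|" + key + blob["ct"]).digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        return None  # boot chain differs from the one the owner sealed against
    stream = hashlib.sha256(b"keystream|" + key).digest()
    return bytes(c ^ k for c, k in zip(blob["ct"], stream))

# Constructed boot chains: placeholder stage images, not real firmware.
GOOD_CHAIN = [b"bootrom", b"u-boot-owner-signed", b"kernel+initramfs"]
EVIL_CHAIN = [b"bootrom", b"u-boot-owner-signed", b"kernel+initramfs+tampered"]
OWNER_SECRET = b"owner-only attestation text"

def attest(chain: Sequence[bytes], blob: dict) -> Optional[bytes]:
    """AEM-style check: measure the chain, then try to unseal the owner's secret."""
    return unseal(blob, measure_chain(chain))

if __name__ == "__main__":
    blob = seal(OWNER_SECRET, measure_chain(GOOD_CHAIN))
    print("clean boot :", attest(GOOD_CHAIN, blob))
    print("tampered   :", attest(EVIL_CHAIN, blob))
```

Only the owner who sealed the secret against a chain they trust gets it back; if a vendor rather than the owner controls what counts as the trusted chain, the check protects the vendor's policy, not the owner's.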