(03-13-2021, 03:41 AM)bosi564 Wrote:You don't need to use systemd-resolved. Just disable it, or disable the features you don't like in its config file. I routinely disable LLMNR and similar in systemd-resolved.(03-12-2021, 05:48 AM)TurpentineOS Wrote: ...I think the software for the pinephone is not trustworthy yet[0]. Even if we accept that the volunteers, who prepare the distros, are doing their best, this is still a general-purpose computer with many options set to undesirable defaults for people looking for "security out of the box". Still, I use it daily because I expect it to be more secure than some alternative, cheaper devices.
However, if #1-5 are fulfilled by a FOSS phone, then I would make the switch considering we cannot know what is hidden in Google's firmware (despite secure boot making it impossible to modify).
[0] I've just found that on my phone systemd-resolve is listening on a port facing the internet and had to fix its settings. I hope someday I will be able to just uninstall it.
(05-27-2021, 08:36 AM)temp0rary Wrote: What's the most secure pinephone OS with working calls right now? And how would you reinstall plasma manjaro if you got a virus or similar?Compared to every other mobile SoC, SD card has hardware enforced boot priority on Allwinner SoCs. No modifiable code runs prior to booting SD card.
So while secure boot is nice to have, you can just boot a known clean OS to recover eMMC/modem from any malware. No need for root of trust, because no modifiable code can run before your known clean code starts running. True root of trust is whatever is on the SD card itself.
my website: https://xnux.eu