OK, fine; I actually like this line of thinking.... even if I hate it!
An exercise in counterintelligence: Threat level nightmare
Let us act as though we 100% know a hostile tech superpower nation state actor has had weeks to adulterate our Pinephones and other gadgets, they have the hardware in their hands, let's talk that scenario out in a serious and technical way.
The board is easy enough to pull and inspect for the chip number stamps, I think those are all in the wiki and pics?
How can we test point verify that we have authentic and unhacked hardware? Do they throw anything unique and unspoofable at startup?
How could we hash verify what firmware is loaded?
How can we verify that the firmware is hash correct?
Is it possible for the ADB method to verify 100% what is going on inside the telephony modem module and it has not been turned rogue?
Is it possible to make a paranoia SD image where we can fully wipe all firmware and other memory and verifiably reload it with hash-verified safe images?
How could we be sure we are getting a clean copy of the paranoia boot image?
The only assumption I don't try to make in this scenario is that the opposition would take the time to fab up custom silicon, not sure what could be done if they are willing to invest that deeply.
Am I missing anything?
If we can compile a full sterilization and reload protocol we can publish it in the wiki. The existence of such a scorched earth reload protocol would be a real feather in the cap of the Pinephone over any others from a security standpoint.