Hi @kyle, I just read your article about "Protecting the Digital Supply Chain" of the Librem notebooks here:
puri.sm/posts/protecting-the-d

Question: have you ever thought about distributing the firmware updates through a quantum immune, distributed ledger? I know about IOTA and it is permission- and fee-less. This could help to transport firmware through a tamperproof channel, no middlemen, no server downtime.

This is a PoC by VW about OTA FW updates:
pbs.twimg.com/media/DfNuez_W0A

Wanna chat about it?

@antonionardella I lean more toward simpler solutions--standard code signing to start, supported by Reproducible Builds so 3rd parties can verify integrity.

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms.