Comment by crvdgc
6 days ago
In theory, it's possible to have a third party (other than Google or Apple) provide attestation on third-party hardware.
You can have a separate core and kernel to run such code. They don't have to be powerful, but they'll need to be small enough to be verified by said provider. Most of the code that doesn't need attestation can be executed on normal hardware.
The provider also has to convince the regulator or banks to trust them. However, if that's solved, the user should feel no difference between pure Android and an alternative platform plus attestation.
GrapheneOS supports remote attestation, but banks have to add the fingerprint of the official GrapheneOS verified boot keys:
https://grapheneos.org/articles/attestation-compatibility-gu...
Some banks even do.