I expect keys to be per software vendor, because otherwise LineageOS and pretty much all small device manufacturers would not be able to sign their Android kernel (required for pretty much anything secure, like Google Pay or SafetyNet), and giving them a central key would be a significant security risk compared to, say, Samsung. That said, the private key for the CA could be compromised, and in that case everything not up to date is toast.
> That said, the private key for the CA could be compromised, and in that case everything not up to date is toast

I don't follow. Do different Android distributors make use of the same CA? If so, why? I don't even see why they would need to make use of a CA if their public key is shipped with the device.