
None of the unofficial Android builds allows me to access the secure element in my SIM card to use my e-signature, which works with SIM menu prompts triggered OTA by the application I'm currently using, mostly governmental services.

If I'm on a custom ROM, the notification never pops up.



You have to have evidence that this is because of attestation, though - lots of open source software is missing lots of features because they are just missing features.


It's not an attestation problem, but a trusted pipeline problem. Yes, the required files are missing, but carrying them from official builds doesn't work either, because the whole pipeline from modem to kernel has to be signed, and the chain breaks somewhere, and you can't build it without the private keys Google/OEM has.

It's like the Trusted HDCP pipeline. Every part has to be signed properly, and no open distribution of Android can do that, period.


Okay but I'd like to see evidence of this because most missing features are just missing features.


SIM services is an integral part of the GSM stack, and all custom ROMs I used had SIM services menu, and I was able to see and utilize the functions in the menu, sans the ones requiring accessing the secure element.

There was one missing file (whose name I don't remember now, it's long gone), but I always carried over that one from the official ROM (same Android version, mind you), but while everything still worked, this was not enabling me to use the secure element based SIM services (namely e-signature).

The problem was not "not being able to access secure element", it was visible, but making it do (secure/verifiable) things, which require an "operator message" to trigger the right process on the phone. Even if the system which I'm trying to log in to said that the process should start, the phone just didn't respond/start the e-signature process. In my country, if your SIM is blocked for any reason from using these services (e.g. when you change your SIM and don't activate e-sig again), you SHALL and WILL (in RFC sense) get a message detailing what went wrong.

Again, the moment I flashed the original image, secure element based SIM services started working, I didn't need to do anything on the other side. Different ROM, it's working. Flash the custom one, reboot, it's gone. Add the required files back, no luck. That simple.

BTW, I was not mad that it was not working. It's a legally binding wet signature equivalent. I don't want that pipeline to be peek/poke enabled.


That's not an attestation issue.

But have you checked if GrapheneOS handles it?


> That's not an attestation issue.

Yes, but see my other comment in the thread. It's not something trivial. It's not that I didn't dig.

> But have you checked if GrapheneOS handles it?

I jumped the platform soon after, so I don't have the hardware anymore, so I can't.



