If the hardware is tampered, it will not pass the attestation test, which is an online component. It will fail immediately and you will be alerted. Thats the part of verified boot that makes this so much harder for adversaries. They would have to compromise both systems. The attestation system is going to be heavily guarded.
Compromised hardware doesn’t know the signatures. Math.
Compromised hardware can’t create new signatures, but it doesn’t matter because it controls execution of software and can skip any checks.
If the hardware is tampered, it will not pass the attestation test, which is an online component. It will fail immediately and you will be alerted. Thats the part of verified boot that makes this so much harder for adversaries. They would have to compromise both systems. The attestation system is going to be heavily guarded.
So, storing on Signal’s server key to decrypt keys. Welcome back to apple-isms and online-only.
Provided you have some other non-compromised way of communications.