Add 2FA to reject booting, similar to how Google verify device login attempt before granting access
The idea came from after discussing with Ong Boon Leong that, at the point where Devora verified a keyfile successfully, it contacts the owner via known devices to ensure access authenticity. If the owner rejects it, then the device is treated as not accessible.
This is the 2 factor authentication enhancement to Devora. The challenge is how to bring up the network access at intird stage.
If we want to put it into our analogy...
A butler, calling via phone to the master to cross-check whether this person was him / his appointed delegate. If yes, he then open up the internal lock. Otherwise, he denies it and call the police.
Edited by (Holloway), Chew Kean Ho