On 7/10/20 8:25 AM, Nicolas Mailhot wrote:
Le vendredi 10 juillet 2020 à 08:00 -0400, Przemek Klosowski a écrit :
Not quite---as I said in next sentence that you didn't include in
your quote, secure boot also tries to prevent unauthorized
That does not work either, because if your system is remotely
exploitable, it will just be remotely exploited at every boot, and
there will be nothing stored persistently for secure boot to block
(that is actually how some windows malware started to behave once
Microsoft added boot protections).
Except that you can fix the vulnerability, push the update and prevent the exploit, even if the vulnerability would somehow be in the boot firmware. For the exploit to win it would have to hit the window just after the boot, which can be prevented.

The other usual argument is that digital keys are cheap and physical
buttons or locks expensive. Well digital keys are definitely not cheap
once you count all the work to keep digital protections up to date and
bug free, and physical buttons are definitely not expensive. I have one
on every bargain-bin iot plug in my house, to authorise initial
pairing. And those buttons will keep working far after the IOT
manufacturer will have screwed up the software update part.

The marginal cost of a digital key has got to be smaller than the marginal cost of the button. At billions of device, that's the only cost that matters.

Again, I am a hardware hacker and I hate the locked devices. But I think the secure updates have to happen, and it turns out that there is almost always a local bypass--JTAG, serial port, whatever. Maybe that is a regulatory issue---like a legal requirement that manufacturers need to publish a local unlock key/code after (or maybe even before) their support schedule ends.
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 

Reply via email to