On 2020-05-14 11:08, i...@aulix.com wrote:
>> If that binary code was on a ROM, would it be less malicious?
> Cannot more recent and up to date binary code be more malicious than
> old one in the ROM?

This has nothing to do with OpenBSD.  That can be true for any kind of
code update, whether it exists in RAM on a device that's loaded by the
OS at boot time, EEPROM that can be reprogrammed by software, or a
chip that has to be physically swapped out.

I actually had Adaptec give me a firmware update with a time bomb in
it, and didn't bother to tell me that after X days, it would brick my
adapter and prevent me from updating/downdating it.  If it had been
stored in RAM, I might have been able to recover it, but since it was
flashed into EEPROM and prevented the machine from booting, the card
had to be replaced...and my customer had an outage.
> Please take into account, I am a very noob in security area and it is
> just my IMHO.

Please read your own statement.  You aren't qualified to assert your
opinion in this group, humble or not.  It's not our job to turn you
into a security expert.  If you value the work that OpenBSD does to
protect your security, use it.  If you don't, use something else.
Please.  We aren't here to win you over.  Some of us are kinda tired
of your flood of queries asking for yet another opinion on often and
widely discussed topics.

> Anyway there was another distro like LibertyBSD which was an OpenBSD
> without some already seldom blobs like firmwares. And another OpenBSD
> fork is declared to be going to appear: Hyperbola (it is Linux based
> yet for now), completely pure from BLOBs too.

...and you won't find much modern hardware that it works on.  You can
achieve your goal (including the "not working on your hardware"
feature) with OpenBSD by just removing the contents of the
/etc/firmware directory.  If the firmware isn't needed on your machine.
it's not loaded.  Concern about firmware binaries is not incorrect, but
it is horribly missing a lot of points about how modern computers work.
It's kinda like putting six bullets in a revolver, and obsessing about
the third one.  Yes, sure...that third one may blow a hole in your head
or protect you from the rabid wolf, but the other five could do very
much the same.  And in most cases, you have far bigger security
concerns than malicious firmware.  Here's a free security lesson: If I
want to take control of your machine, I'll use the easiest route; that
won't be malicious firmware.

Oh, btw...if I recall properly, a lot of CPU security fixes are
distributed as firmware microcode updates that have to be loaded by the
OS.  So... being inappropriately paranoid about firmware could
compromise your security.  


Reply via email to