[Arm-netbook] Verifying firmware
Stefan Monnier
monnier at iro.umontreal.ca
Wed Aug 24 18:56:58 BST 2016
> What the A20 is missing from a security perspective is a secure boot
> procedure. There is some primitive support, but it is not really functioning.
> Some of you may think I am crazy speaking about secure boot, but
> properly used it is a very strong tool for ensuring that the installed
> software is not tampered with by untrusted parties.
How serious is such a threat?
I mean I see the point in theory, but in practice the risk of the user
losing control of his device because of such a "trusted boot" seems to
be far higher than the risks linked to the absence of such a mechanism.
Stefan
PS: by the way, if you boot from the µSD card, you could probably get
the same result as a trusted boot by using your own µSD when booting and
making sure this card is read-only (e.g. by taking it out after the
boot is over).