--- crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
On Wed, Aug 24, 2016 at 10:31 AM, Albert ARIBAUD albert.aribaud@free.fr wrote:
Hello,
On Tue, 23 Aug 2016 19:50:30 +0200 Henrik Nordström henrik@henriknordstrom.net wrote:
What the A20 is missing from a security perspective is a secure boot procedure. There is some primitive support, but it is not really functioning. Some of you may think I am crazy speaking about secure boot, but properly used it is a very strong tool for ensuring that the installed software is not tampered with by untrusted parties. But this requires that you are in control of the security keys and not some untrusted proprietary vendor.
Agreed that secure boot is a tool which can be used for good as well as bad. My personal opinion is that I'm fine with secure boot as long as there is a way back -- i.e. a way to revert the whole thing to a "blank" state where, yes, whatever keys were inside are erased, so encrypted data that was on the device may be lost (except possibly to sufficient cryptanalysis resources), but the device can always be "refitted" with new keys for new data.
... and that's where things like the TI SoCs and the Samsung Exynos SoCs fall down. you simply *cannot* undo a blown e-fuse: that's the whole point.
which is why if you were to ship a processor that *didn't* have its "secure e-fuse" blown, you're actually selling people a ticking time-bomb where the possibility exists for someone to hack into your computer, install some spyware at the bootloader level, blow the e-fuse, and then you're *really* screwed. a whole new ransomware vector at the *hardware* level. dang.
which is why i contacted TI to ask them if there was a way to blow the e-fuses so that DRM could ****NEVER**** be enabled. they were incredibly surprised: i was literally the first person ever to ask them.
oh... the answer was "no".
l.