[Arm-netbook] Verifying firmware

Luke Kenneth Casson Leighton lkcl at lkcl.net
Wed Aug 24 20:58:06 BST 2016


---
crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68


On Wed, Aug 24, 2016 at 10:31 AM, Albert ARIBAUD <albert.aribaud at free.fr> wrote:
> Hello,
>
> Le Tue, 23 Aug 2016 19:50:30 +0200
> Henrik Nordström <henrik at henriknordstrom.net> wrote:

>> What the A20 is missing from a security perspective is a secure boot
>> procedure. There is some primitive support but it is not really functioning.
>> Some of you may think I am crazy speaking about secure boot, but
>> properly used it is a very strong tool for ensuring that the installed
>> software is not tampered with by untrusted parties. But this requires
>> that you are in control of the security keys and not some untrusted
>> proprietary vendor.
>
> Agreed that secure boot is a tool which can be used for good as well as
> bad. My personal opinion is that I'm fine with secure boot as long as
> there is a way back -- i.e. a way to revert the whole thing to a "blank"
> state where, yes, whatever keys were inside are erased so encrypted
> data that was on the device may be lost (except possibly to sufficient
> crypto-analysis resources), but the device can always be "refitted" with
> new keys for new data.

 ... and that's where things like the TI SoCs and the Samsung Exynos
SoCs fall down.  you simply *cannot* undo a blown e-fuse: that's the
whole point.

 which is why if you were to ship a processor that *didn't* have its
"secure e-fuse" blown, you're actually selling people a ticking
time-bomb where the possibility exists for someone to hack into your
computer, install some spyware at the bootloader level, blow the
e-fuse and then you're *really* screwed.  a whole new ransomware
vector at the *hardware* level.  dang.

 which is why i contacted TI to ask them if there was a way to blow
the e-fuses so that DRM could ****NEVER**** be enabled.  they were
incredibly surprised: i was literally the first person ever to ask
them.

 oh... the answer was "no".

l.