On 15-05-20 17:24:46, One Thousand Gnomes wrote:
>
> More to the point why do you want to sign firmware files ? Leaving aside the
> fact that someone will produce a device with GPLv3 firmware just to p*ss you
> off there's the rather more relevant fact that firmware for devices on a so
> called "trusted" platform already have signed firmware.
For "trusted" systems one would like to make sure everything that goes in has
known provenance. Maybe this was the idea?
> For external devices I don't normally have access to read system memory
> anyway, and signing firmware would achieve nothing unless you start doing
> crazy DRM style key exchanges to prove the endpoint is trusted. Any NSA
> trojan
> wifi stick is simply going to nod as the correct firmware is uploaded, and
> then ignore it. And if I'm just out to be a pain I can already just plug in a
> fake device claiming to be a usb disk with 256 bytes per sector (boom... exit
> machine stage right), or for that matter wire a USB stick with 5v connected
> to
> the mains at the nearest wall socket.
Yep, gaining physical access to the system is a game over. It is arguable how
"trusted" a networked machine could be and i guess the answer is "not much"...
Petko
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
