|
On 7/10/20 5:22 PM, John M. Harris Jr
wrote:
Android, actually, is trying to get it right by a) being a platform so that common security updates are available from the platform owner, and can be applied to everyone's system and b) having a secure remote update method.The problem with implementing systems such as this is obvious.. If the end user cannot upload their own firmware, because the host has a hardware mechanism for checking the signature of the firmware, that's not good for the end user, it's harmful. It would mean they don't actually own the system, the vendor does. Yes, but it it's too easy (and can be triggered remotely) it
becomes a huge problem. I also want to be able to load alternative firmware---but it has
to be difficult, e.g. by requiring to disassemble the device and
physically access the electronics. |
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
