On 15-05-20 17:24:46, One Thousand Gnomes wrote: > > More to the point why do you want to sign firmware files ? Leaving aside the > fact that someone will produce a device with GPLv3 firmware just to p*ss you > off there's the rather more relevant fact that firmware for devices on a so > called "trusted" platform already have signed firmware. For "trusted" systems one would like to make sure everything that goes in has known provenance. Maybe this was the idea? > For external devices I don't normally have access to read system memory > anyway, and signing firmware would achieve nothing unless you start doing > crazy DRM style key exchanges to prove the endpoint is trusted. Any NSA trojan > wifi stick is simply going to nod as the correct firmware is uploaded, and > then ignore it. And if I'm just out to be a pain I can already just plug in a > fake device claiming to be a usb disk with 256 bytes per sector (boom... exit > machine stage right), or for that matter wire a USB stick with 5v connected to > the mains at the nearest wall socket. Yep, gaining physical access to the system is a game over. It is arguable how "trusted" a networked machine could be and i guess the answer is "not much"... Petko -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
