by mulmen 3125 days ago
Thanks for the reply! So you can push an update to the Python code that allows you to push an update to the firmware without prompting? Sounds like we still rely on the security of your systems to prevent malicious firmware from being pushed.

Well... yeah? They're the OS vendor; there is literally no way for them to do their job without having the ability to update the system.
Yes, they have to be able to update the system, but in this case they are also able to update the firmware without asking, which means anyone who can impersonate or coerce them can also update the firmware.
If you control the OS, you also control the firmware (if you want a way to install new firmware from the OS). No way around it.
Since the firmware updater is a Python program, you can audit the source code by looking at the relevant directory in site-packages before you accept. If you're really paranoid you can set up a periodic script that sends you an email if the contents of that directory change.
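
The periodic check suggested in the last comment, as an added example that is not part of the original thread or the vendor's code: it hashes every file under a directory, compares the result with a stored baseline, and reports added, removed and modified files. The function names, the baseline file and the command-line arguments are assumptions; sending the mail is left to the scheduler (for example cron mailing any output), and the baseline is assumed to live outside the monitored directory.

```python
import hashlib
import json
import os
import sys
from pathlib import Path


def snapshot(root):
    """Map each file's relative path to its SHA-256 digest (symlinks by target)."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink():
            # Record where the link points, so a retargeted link is detected.
            manifest[rel] = "symlink:" + os.readlink(path)
        elif path.is_file():
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def diff(old, new):
    """Return sorted lists of added, removed and modified relative paths."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def check(root, baseline_file):
    """Return None if root matches the baseline, else the diff (first run records it)."""
    baseline_file = Path(baseline_file)
    current = snapshot(root)
    if not baseline_file.exists():
        baseline_file.write_text(json.dumps(current, indent=1))
        return None
    changes = diff(json.loads(baseline_file.read_text()), current)
    return changes if any(changes.values()) else None


def accept(root, baseline_file):
    """Record the current state as reviewed; until then every run keeps reporting."""
    Path(baseline_file).write_text(json.dumps(snapshot(root), indent=1))


if __name__ == "__main__":  # usage (hypothetical): script.py <directory> <baseline.json>
    changes = check(sys.argv[1], sys.argv[2])
    if changes:
        print(json.dumps(changes, indent=1))
        sys.exit(1)
```

Because `check` never rewrites an existing baseline, a change keeps being reported on every run until the source has been read and `accept` is called.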