Hacker News
by xnzakg 1027 days ago
Came here to comment the same thing. I'm also personally not a fan of not being able to own your devices (or just not being able to keep them alive once the manufacturer turns off some server...), though there are two issues: One is people who buy IoT <thing> and then complain when it gets compromised because it was connected to the internet and someone somewhere found a way to turn their device into part of their botnet. The other is pressure from shareholders/management etc to ensure the code stays secret because imagine if a competitor had access to your IoT juicer's firmware and used it in their own product, oh no!
1 comments

Secure boot doesn’t fix the first one because a buffer overflow exploit won’t get verified and prevented by the boot signature verification. As with all DRM schemes it mostly only hurts your legitimate customers.

The second is uninteresting because often they can just get your exact product off the same assembly line after hours.

I’ve heard of a third, which is a concern that having the option to load unapproved software somehow compromises the security of everyone else. I don’t buy it.

Even if you don't agree with it, the two issues for the third point are that an RCE lets an attacker irreversibly modify the firmware remotely, or that the user will intentionally install an older unsupported version that contains an RCE. Vendor-controlled firmware also has this issue, but that's the "compromises the security of everyone" with #3 because the attacker can now use the device as a VPN or as part of a DDoS botnet.