Hacker News
by turpentine 36 days ago
The obfuscation hardware vendors do is so trivial, why do they even bother?

One of the current vendor-provided consumer SSD firmware update utilities for Linux as a live-usb decrypts the firmware and writes it out to disk decrypted before uploading it, so simply using seccomp to fail a rmdir syscall nets you the decrypted version without having to reverse engineer any of the updater/decryption code.

I deleted my own negative rant about SSD manufacturers not opting in to lvfs/fwupd when drives have a high risk of bricking without firmware updates.

3 comments

> The obfuscation hardware vendors do is so trivial, why do they even bother?

The lock on your front door is so trivial to bypass, yet deters the vast majority of people from entering your house without your permission.

Does it actually? I'm not sure anyone has ever tried to open my door when it was locked except me.

> why do they even bother

So when you start publishing their code they can DMCA you.

Except that DMCA 512 (notice and takedown) is a different section than DMCA 1201 (anti-circumvention) and you don't have to be using any DRM of any kind to use the former because they're unrelated.

Also, wouldn't someone trying to distribute "illicit copies" just distribute the original unmodified file since it's a self-extracting binary with no license check? And what reason would anyone have to do that when they already publish it for free on their own site, and why should they care if someone did?

Mostly so they can check the box of "we implemented readback protection" and move on to more important aspects of the job.

The goal is not to produce cryptographically secure code, it's to make it annoying enough so most people don't bother.