[Terr_]

What? The bootstrapping happened already! The official and correct AMD software already running on the computers. Preventing a human from falling for an impostor-website with malicious Download Now links is a separate problem.

The basics are straightforward: It'd be better if the current installation contains one (or more) public keys, and anything it downloads must validate as being signed by a corresponding private key. You don't need to do fancy things like global certs, discoverable keys, or revocation lists.

If today's installation doesn't have those checks and relies solely on HTTPS... well, that's unfortunate, but it's not like it poses a tricky dilemma! You simply use today's not-so-secure mechanism to install the new code which has more-secure behavior, and it closes the attacker's window of (easier) opportunity.

[SahAssar]

> The current installation shall already contain one (or more) public keys that it trusts for updates

The current installation was fetched via HTTPS, right? Either by you or in the factory.

Just saying the "bootstrapping already happened" does not make it not happen. It still needs to bootstrap trust from somewhere

[Terr_]

I still can't figure out what problem you believe needs-fixing or what process you think needs to be explained. My most-charitable guesses are:

A. You're asking what should be done if the manufacturer's auto-update server has already been completely compromised by hackers and remains compromised.

B. [Implicitly rejected in last coment] You're asking how anybody can guarantee the very first install can be trusted even if someone has compromised drivers.amd.com .

C. You're asking if the auto-update process can somehow trick a compromised daemon into overwriting itself with a legit copy.

Those are all interesting to contemplate, but they are at best "out of scope".

[Terr_]

[Followup] To over-communicate in the hope that it somehow resolves things, we already have this chain of trust:

1. Axiom: We trust the current daemon and OS. We must assume this, because otherwise it's an entirely separate problem and this whole discussion of an auto-update channel is irrelevant.

2. Axiom: We trust the owner. Tampering with the local auto-update process is not part of our threat-model, because a user who can do that doesn't need to.

3. The daemon is already coded to trust a replacement/successor installer if it meets certain criteria, which are:

3a. It comes from a trusted domain name it already knows should be owned by the same developer/company.

3b. The remote end is authenticated to "be" that domain via certificates from the (trusted) OS.

3c. The content is protected from tampering due, becauese we trust that TLS/SSL encrypts it.

That all already exists, it does not need to be torn down or rebooted. The proposal here is to simply to harden it with a new requirement in the next version:

3d. The next install must be signed by a trusted key-pair that was shipped with the current install.

This improves trust because it means an attacker would also need to compromise keys held in a release pipeline, which is much easier to secure than a CDN/webserver.

[lazide]

Sure, but the OEM is the definition of a ‘trusted environment’. They literally are assembling the equipment, if you can’t trust that, nothing else can be trusted from that point on anyway.