by devconsole
4440 days ago
What I mean is, how would we verify the BIOS firmware matches what that source code should produce? If it's possible for us to make our own builds (i.e. there's no cryptographic signing for the BIOS binaries) then an adversary can insert a backdoor into the source code, make their own build, and then remotely flash your hardware with it. Or does flashing the hardware require some kind of manual operation, like holding down a button for 30 seconds?
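The first question in the comment, whether a shipped image matches what the published source should produce, is what reproducible-build verification answers: build the firmware independently, mask the fields that legitimately differ between builds (a build timestamp, for instance), and compare digests. The following is an added example written for this page, not code from the commenter or from any firmware project; the 64-byte image layout, the `make_image` helper and the timestamp offset are constructed assumptions, and a real image would have its own map of volatile fields.

```python
"""Added example: reproducible-build style comparison of firmware images.

The image layout is constructed for illustration only:
  bytes  0..7   magic string
  bytes  8..15  build timestamp (little-endian), legitimately varies per build
  bytes 16..63  "code" region, must be identical for builds of the same source
"""
import hashlib
import hmac
from typing import Iterable, Tuple

MAGIC = b"FWIMAGE\x00"
CODE = bytes(range(48))          # placeholder code region (constructed)
TIMESTAMP_RANGE = [(8, 8)]       # (offset, length) of the volatile field


def make_image(timestamp: int, code: bytes = CODE) -> bytes:
    """Assemble a toy image; stands in for the output of a firmware build."""
    return MAGIC + timestamp.to_bytes(8, "little") + code


def normalized_digest(image: bytes, volatile_ranges: Iterable[Tuple[int, int]] = ()) -> str:
    """SHA-256 of the image with known non-deterministic fields zeroed.

    Only fields that are documented to vary between builds of identical
    source (timestamps, build ids) should be listed; anything else that
    differs is a real difference in the produced firmware.
    """
    buf = bytearray(image)
    for offset, length in volatile_ranges:
        if offset < 0 or length < 0 or offset + length > len(buf):
            raise ValueError("volatile range lies outside the image")
        buf[offset:offset + length] = b"\x00" * length
    return hashlib.sha256(bytes(buf)).hexdigest()


def builds_match(image_a: bytes, image_b: bytes,
                 volatile_ranges: Iterable[Tuple[int, int]] = ()) -> bool:
    """True when two independent builds agree outside the volatile fields."""
    ranges = list(volatile_ranges)
    return hmac.compare_digest(normalized_digest(image_a, ranges),
                               normalized_digest(image_b, ranges))


def matches_published(image: bytes, published_hex: str,
                      volatile_ranges: Iterable[Tuple[int, int]] = ()) -> bool:
    """Compare a received image against a digest published out of band
    (e.g. in a signed release manifest), using a constant-time comparison."""
    return hmac.compare_digest(normalized_digest(image, list(volatile_ranges)),
                               published_hex.strip().lower())


# Constructed sample builds: A and B come from the same source at different
# times; C has one byte changed in the code region.
BUILD_A = make_image(1_700_000_000)
BUILD_B = make_image(1_700_000_600)
_tampered = bytearray(CODE)
_tampered[20] ^= 0x01
BUILD_C = make_image(1_700_000_000, bytes(_tampered))


if __name__ == "__main__":
    print("A vs B, timestamp masked:", builds_match(BUILD_A, BUILD_B, TIMESTAMP_RANGE))
    print("A vs B, nothing masked:  ", builds_match(BUILD_A, BUILD_B))
    print("A vs C, timestamp masked:", builds_match(BUILD_A, BUILD_C, TIMESTAMP_RANGE))
```

Masking is the part that needs care: every field added to the volatile list is a region where a modification would go unnoticed, so the list should come from the build system's documented non-determinism rather than from whatever happens to differ. A digest that matches an independent rebuild only proves the image came from the source; whether the platform lets an unauthenticated image be written at all (the comment's second question) is a separate property of the flash write-protection and update path, not something a hash comparison can establish.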