|
|
|
|
|
|
by cmsj
4333 days ago
|
|
|
Thanks for the reply :) I suspect an ideal state to be in would be that there was no firmware flashing at all, the various bits of hardware would have some version of the firmware in ROM and could load a replacement firmware into RAM, but never be able to store that in a PROM, thus guaranteeing that no malicious code could ever persist between tenants.
Probably a lot harder to arrange with hardware people though. I guess my concern with signed firmware is that it's increasing the attack surface of the firmware by adding in crypto code. Identifying malicious code is going to be hard enough to start with, let alone hunting down its attack vector, let alone getting a decent fix from some vendor in a useful timeframe! |
|
|