londons_explore

Real security processors never give big bounties because when bugs are discovered all the buyers immediately cancel their orders of the 'faulty' secure chips.

They'd prefer to live in ignorance.

lll-o-lll

What an interesting talk, and an interesting concept also. Open source hardware security; get the security researchers interested and fix the security defects.

The “read the data out with a super expensive microscope” remained. Is there any way to defeat that attack, I wonder? I suppose the HSM model of “destructive tamper detection” is one way.

IlikeKitties

There's a lot of people that believe that hardware remote attestation will be the end of computational freedom. I'm glad to see that bypasses are still quite possible.

lysace

I've had a bit of difficulty understanding the actual benefits of proper secure boot vs zero protection.

I've arrived at this understanding: secure boot sometimes allows you to recover a compromised fleet without recalls. Instruct the customer to disconnect the device, reboot it and then somehow reflash it before getting infected again? Seems fraught with errors though.

When I worked with IoT HW companies in Taiwan their understanding tended to be along the lines of: "it makes the device secure" or "it prevents the firmware from being used by clone devices".

(It's been a while since I worked in this area.)

michaelt

Seems a bit of a strange feature to even want on a product targeting the education market. In a classroom setting you don't really want students to be able to set fuse bits so the device can't be re-programmed.

Presumably this is a sign RPi are deliberately aiming to straddle the hobby and light commercial markets?
