I don't think that many people have seen the attack vector of firmware that also needs to be signed. I guess the solution is that it is possible to flash the hardware with a self-signed firmware?
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
ROM firmware?
Date: 2012-02-13 07:34 am (UTC)

Do you know of any progress in that area? Hardware vendors making tools and specification available for signing and flashing?
I guess the procedure will be something like this:
1. User downloads Linux distro.
2. User disables secure boot.
3. User installs Linux distro.
4. Linux distro has a pop-up that asks if it should flash any hardware with a secure key that matches the distro kernel.
5. User enables secure boot with said key.
So step 4...?