Ah, I didn't realize this was about firmware in ROM (as you admittedly clearly say in the post). I thought this was about drivers uploading firmware to a card.
Then I wonder about how such a check can possibly be implemented. As far as I can tell, there is no standard way for a computer to request a device to send its firmware, and no enforceable way to prevent a card responding with something other than its true firmware.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: Signing the firmware
Date: 2012-08-17 12:21 am (UTC)Then I wonder about how such a check can possibly be implemented. As far as I can tell, there is no standard way for a computer to request a device to send its firmware, and no enforceable way to prevent a card responding with something other than its true firmware.