My main concern with this is the failure mode: particularly what happens if a key gets leaked: What is the best response of a hardware vendor in that case?
a) They come clean tell all their users that the cerficates flashed in their cpu no longer provides security and that they should go buy someone else's laptop. A competetor's laptop to be exact since it'll take them a while to get hardware out of the door with fresh keys. Also they can scrap all their inventory.
b) They say nothing because they very likely can't afford a) *maybe* they will replace keys in new hardware but, really, that's incredibly unlikely.
Anyway the point being that there seems to be absolutely no incentive for vendors to respond responsibly to any breach, and no recourse for users. I honestly don't even know what a responsible and reasonable way for a company to handle this would even look like.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Really bad failure mode.
Date: 2015-02-17 07:49 am (UTC)a) They come clean tell all their users that the cerficates flashed in their cpu no longer provides security and that they should go buy someone else's laptop. A competetor's laptop to be exact since it'll take them a while to get hardware out of the door with fresh keys. Also they can scrap all their inventory.
b) They say nothing because they very likely can't afford a) *maybe* they will replace keys in new hardware but, really, that's incredibly unlikely.
Anyway the point being that there seems to be absolutely no incentive for vendors to respond responsibly to any breach, and no recourse for users. I honestly don't even know what a responsible and reasonable way for a company to handle this would even look like.