Am Samstag, dem 08.03.2025 um 14:51 +0100 schrieb Johannes Schauer Marin Rodrigues: > If you don't trust the vendor, then it makes no difference whether or > not new official firmware/microcode can be uploaded/flashed or not. > If you don't trust the vendor, then the initial microcode that came > with your device might already be doing things that go against your > interests.
The trust relationships are more complex than you put it. You have to trust the chip vendors, the OEMs, the merchants, the delivery company, the hotel room service etc. etc. Since Snowden, we know that custom hardware bugs installed by anyone in the supply chain are a real thing. The recommendation for risk groups like journalists and lawyers nowadays is to buy random hardware from the store and pay with cash. However, I agree with you that we do not have a lot of options when it comes to affordable consumer hardware. Even the various projects which try to create openness still depend on proprietary firmware. The situation is improving compared to what it used to be, but we still have a long way to go. Regards Stephan
signature.asc
Description: This is a digitally signed message part
