Eric Schultz <eschu...@prplfoundation.org> wrote:
> prpl member IntrinsicID has physically unclonable function technology
> which allows a key to be generated at bootup based upon the physical
> characteristics of the device. It's the same key generated everytime
> but it isn't actually stored in flash. Their technology requires a paid
And, is it the same for every device?
This sounds like fake security to me.
reading the web site, it seems to be based upon pulling IDs from DIMMs.
Maybe I don't understand the goal here.
>> There are "automated" signatures (e.g. from builbot) and manual ones,
>> from humans. For protecting ourselfes from bad admins, there should be
>> a "secret thing" which is baked into the firmware and only seeable
>> during runtime: this way we can prevent, that a lazy admin "signs" a
>> sha256 sum, without really has flashed the image and can make sure
>> that it really runs.
>>
>> Now the question: a secret can be e.g. # ls -la /etc | md5sum
>>
>> This is naive, and a dumb admin can e.g. unsquashfs the image for
>> getting the data. are there better methods? any ideas?
>>
>> bye, bastian
>>
>> _______________________________________________ Lede-dev mailing list
>> Lede-dev@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/lede-dev
> _______________________________________________ Lede-dev mailing list
> Lede-dev@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
_______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
