On Mon, 29 Apr 2024 21:05:15 +0100 Daniel Golle <dan...@makrotopia.org> wrote:
> Hi Michael,
>
> On Mon, Apr 29, 2024 at 03:04:37PM -0400, Michael Richardson wrote:
> >
> > {sorry for the long delay, been unwell}
> >
> > Bjørn Mork <bj...@mork.no> wrote:
> > > Maybe it is possible to deploy the system with secure boot
> > > and a protected IDevId key by default, but allowing the
> > > user/owner to erase the key and disable secure boot? This
> > > way all use cases could be supported, including playing with
> > > the BL2 code etc.
> >
> > It won't work that way. If someone can easily turn off secure
> > boot, then so can malware.
>
> Malware cannot remove or add a physical jumper or press a physical
> button on the board (we got a jumper to write-protect the SPI-NOR
> flash).

Correct, and IIRC a switch to choose which on-board flash to boot from?

This, plus the lockable boot block feature found in about all modern flash chips is really all it takes to implement a really secure boot. It is only a question of U-Boot patches, which can be 100% free and open source software, absolutely no NDA required.

> Believing that secure boot could provide protection from malware also
> misses an important point: Most malware nowadays doesn't even strive
> for persistency but rather relies on exploitable run-time
> vulnerabilities. We are in an always-online world, the classic "boot
> sector virus" is an archaic thing from the 1980s.

Exactly. Thanks for the public reminder!

Torsten

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel