On Friday, July 10, 2020 5:05:51 AM MST Nicolas Mailhot via devel wrote:
Le vendredi 10 juillet 2020 à 07:51 -0400, Solomon Peachy a écrit :
> On Fri, Jul 10, 2020 at 01:37:14PM +0200, Nicolas Mailhot via devel
> wrote:
>
> > If you remove end users from the loop there is zero zip nada need
> > for
> > secure boot in the first place. The sole function of secure boot
> > and
> > DRPM is to prevent end users, present in the update loop, from
> > doing
> > things the manufacturer disagreees with.
>
>
> s/manufacturer/device owner/
Nope, manufacturer. There are hundreds of other simpler ways to protect
device owner side (physical locks on racks, 2FA auth via a physical
button on the device or an sms code, etc).
The average device is not sold with locks in the supermarket. The home
or office or building or rack door is considered sufficient
protection.
Evil maid does exist, but applying evil maid generally would require
putting locks on everything you buy, from the drawers where you may
store sensitive documents someday, to the fridge where the evil maid
may serve herself on your precious lagger.
The threat scenario has been massively ovehyped to justify giving keys
to the manufacturers.
Please note that SMS two factor has been known to be insecure since 2005, and
NIST has recommended against it for just as long. (Before a bit of nonsense in
2016-2017, which I think has been corrected?)
--
John M. Harris, Jr.