Le vendredi 10 juillet 2020 à 08:00 -0400, Przemek Klosowski a écrit :
>
Not quite---as I said in next sentence that you didn't include in
your quote, secure boot also tries to prevent unauthorized
modifications,
That does not work either, because if your system is remotely
exploitable, it will just be remotely exploited at every boot, and
there will be nothing stored persistently for secure boot to block
(that is actually how some windows malware started to behave once
Microsoft added boot protections).
The other usual argument is that digital keys are cheap and physical
buttons or locks expensive. Well digital keys are definitely not cheap
once you count all the work to keep digital protections up to date and
bug free, and physical buttons are definitely not expensive. I have one
on every bargain-bin iot plug in my house, to authorise initial
pairing. And those buttons will keep working far after the IOT
manufacturer will have screwed up the software update part.
Regards,
--
Nicolas Mailhot