Still waiting for Samsung et all nvme firmwaeupdates for consumer /n on OEM devices. Funny tho.. AFAIK Samsung provides firmware caps for dell which are flashable if your device has a dell/Samsung drive

I think the problem is, firmware rollback blocking is hailed as a powerful solution to improve security, when many systems don't fulfill the prerequisites to make this measure meaningful.

To break a computer with full-disk encryption with up-to-date scheme, the easiest way is still the famous $5 wrench in xkcd comic strip. Outside of that, it is either hardware keylogger or firmware keylogger. If we allow firmware rollback without physical access, then sure, this pose extra risk to rootkit installation. But if physical access is already there, hardware keylogger doesn't seem that hard to install for a spy. To me, allowing firmware rollback improves system reliability enough that I am willing to take the risk of firmware rollback.

To prevent keylogger lurking in a computer, we need extra computer interface design, such that a user is strongly aware of any change or addition to connected keyboard / mouse any time they type password. Windows, MacOS, the relevant components in Linux such as KDE/GNOME/lightdm/command line login shell... I don't see any of them implement such scheme to detect so. There is no authentication protocol to mice and keyboards. Companies have added locking to monitors, worrying people "steal" their precious movies. But for keyloggers prevention? No effort is done.

If we have an effective scheme so that a computer user can easily be aware if there are any hardware / firmware change / removal / addition before typing the first password into it, then we are truly improving the computer security. And when that happens, firmware rollback is just yet another firmware change which is safe as now the user knows if this is instructed by oneself or unexpected thus likely malicious.

Yup, it works on FreeBSD too. Some plugins even work on Windows too!

Answered my own question: in short no because of linuxisms, couldn't even port to FreeBSD rather yet OpenBSD or NetBSD -- Source: https://archive.fosdem.org/2021/sche...pd_to_the_bsd/

Really? I'll have to try it, I just found a paper that said they tried but it didn't work (slides not a paper) https://archive.fosdem.org/2021/sche...pd_to_the_bsd/

Yes https://blog.3mdeb.com/2021/2021-02-...under-freebsd/ was all merged into fwupd upstream. It was all in CI for a while too https://github.com/fwupd/fwupd/blob/...bsd_package.sh