Originally posted by stormcrow
Do note a lot of motherboards these days are including a ROM loader to be able to rewrite the EPROM if a firmware update goes wrong.
The reality here is strict. There are really two valid options: ROM firmware loader/updater + RAM, or ROM firmware loader/updater + EEPROM of some form.
The problem here is you cannot have your cake and eat it. The RAM option means the OS and its drivers have to provide the firmware so the device works, but it's the most durable option for items that do absolutely need security updates. EEPROM is the less durable option; this ends up discouraging sending out updates due to the write count limit. Socketing the EEPROM seems like a good idea until you look at socket failure rates vs soldered on.
Also, that one of paying companies ongoing money to maintain the firmware only works if the company remains in business. There are many cases of people still using hardware well after the company that made the hardware is no longer in business. A subscription program could be part of the solution, but I see the legally mandatory right to the source code of the firmware and keys to replace firmware, if the company either ceases to exist or decides not to provide updated firmware any more, as the correct solution. Of course I would to say that the company has to give the updated firmware out for free if they are willing to maintain it so would allow them to run a subscription model where those paying the subscription got the updated firmware and those not paying the subscription get informed they are using insecure. Yes, signed firmware allows open source and subscription for firmware at the same time. Remember, per-device signing is possible.