Originally posted by phoron
View Post
Originally posted by phoron
View Post
Originally posted by phoron
View Post
Originally posted by phoron
View Post
Originally posted by phoron
View Post
Originally posted by phoron
View Post
That's fine if it is free and everybody can audit it. If it's a blob then it gets more complex to really trust them just once. You're trusting them for the wiring when you buy the hardware and for the firmware when you download the firmware. That's two times. You could think of shipping the hardware with a CD, but the CD might possibly be exchanged at a shop or customs and at at some point it gets more complex than just a ROM.[/QUOTE]
But it doesn't because of hashing and signing. Besides, whether you buy two things together or buy them separately it doesn't affect the amount of trust required as long as there are mechanisms in place to ensure that only valid microcode is loaded.
Originally posted by phoron
View Post
I'm just saying that right now you are steering HW vendors towards non-upgradable microcode, which is generally bad for everyone.
Comment