Still waiting for Samsung et al. NVMe firmware updates for consumer / non-OEM devices. Funny though... AFAIK Samsung provides firmware caps for Dell which are flashable if your device has a Dell/Samsung drive.
Fwupd 1.8.8 Released For New Hardware, BIOS Rollback Protection For Dell & Lenovo
Originally posted by stormcrow:
Not strictly true. It depends entirely what your end goal is. This is why it's extremely important to do a rational survey of your or your organization's threat actors and design realistic plans to protect against them, including those actors that obtain physical access. Otherwise, exactly why would you bother setting up full disk encryption if your statement were always true? (hint: It's not.) Security is about layers, including physical security, software and firmware security, credential and identity security, and the privacy of data. All of those individual categories require multilayered defenses in each case. There is a reason why governments are up in arms about default full device encryption with enforced wipes. They usually can't break it, and the rare cases when they can it's not without extraordinary measures that only an organization with extreme resources can command.
To break into a computer with full-disk encryption using an up-to-date scheme, the easiest way is still the famous $5 wrench from the xkcd comic strip. Outside of that, it is either a hardware keylogger or a firmware keylogger. If we allow firmware rollback without physical access, then sure, this poses an extra risk of rootkit installation. But if physical access is already there, a hardware keylogger doesn't seem that hard for a spy to install. To me, allowing firmware rollback improves system reliability enough that I am willing to take the risk of firmware rollback.
To prevent a keylogger lurking in a computer, we need an extra computer interface design, such that a user is strongly aware of any change to, or addition of, a connected keyboard / mouse any time they type a password. Windows, macOS, the relevant components in Linux such as KDE/GNOME/lightdm/command line login shell... I don't see any of them implement such a scheme to detect this. There is no authentication protocol for mice and keyboards. Companies have added locking to monitors, worrying that people "steal" their precious movies. But for keylogger prevention? No effort is made.
If we have an effective scheme so that a computer user can easily be aware of any hardware / firmware change / removal / addition before typing the first password, then we are truly improving computer security. And when that happens, firmware rollback is just yet another firmware change, which is safe, as the user now knows whether it was instructed by themselves or is unexpected and thus likely malicious.
Originally posted by kylew77:
Do any other Unix-likes support fwupd? I thought it was Linux specific, but the wording in the article made me think that maybe a BSD has picked it up too?
Originally posted by hughsie:
Yup, it works on FreeBSD too. Some plugins even work on Windows too!
Originally posted by kylew77:
Really?