

We need open source firmware - jernst
http://upon2020.com/blog/2015/02/we-need-open-source-firmware/

======
greenyoda
_" nobody has ever bought (or not bought) a hard drive because of better
firmware."_

This may not be true for solid state drives, where the algorithms used in the
firmware could significantly affect the performance, reliability and lifetime
of the drive.

~~~
hga
Maybe true in the consumer world, but Western Digital attempted to enter the
SCSI enterprise market in the mid-late '90s and I'm told failed because their
firmware's write speeds were not competitive compared to Seagate and IBM ...
and they ended up buying the latter after it's disk division passed through
Hitachi.

------
geoelectric
I'd like to see open source firmware too.

But to the specific argument, wouldn't a reference hash of the blob and/or
crypto signing be adequate to verify it's what was delivered?

------
jernst
Something verifyable definitely would help, like with a checksum. But then,
how do make sure that what you are verifying is actually what is running?

------
cottonseed
Wouldn't full-disk encryption mitigate hard drive firmware attacks?

~~~
jlubawy
FDE will not help in this case since it only encrypts user data written to the
media. However, some of the higher-end HDD models have signed firmware support
which renders firmware useless unless it is cryptographically signed by the
manufacturer.

~~~
cottonseed
I don't understand this. If you're using FDE, how does the hacked firmware
ever escape the drive?

