
It's really too bad that nobody makes hardware with the obvious solution - put the firmware in ROM. Then it cannot be altered by malware.

If the vendor really, really wants to update the firmware, have the write-enable switch be a physical one, not a software switch.




Heh. I'm so old, I can remember the only time, ever, that a vendor sent me upgrade hardware and a box to return the old one in. (Don't remember which vendor, only that it wasn't a rich one.)


Mind boggling this isn’t the default.


You really want the vendor to patch vulnerabilities in firmware without pushing any buttons.


And you really don't want malicious actors to push malware to vulnerable firmware without pushing any buttons.

When firmware can't fully trust itself (and it can't), the correct option is to defer ultimate judgement and control to the physical owner.


This wouldn't work with consumer hardware.


Why?


So you want the ability to remotely update to protect against the malware being installed via remote update?



