| |
| ▲ | rstuart4133 2 days ago | parent [-] | | I'm guessing you don't understand the reason I don't want it to be reprogrammable. Yes, there are some advantages to me being able to reprogram it. But it comes with two big downsides. The first is if I can reprogram it, then so can anyone else. I don't know what the situation is where you live, but government has passed laws allowing them to compel all manufacturers of reprogrammable devices to all them to reprogram is with their spyware. The second is places I interact with, like banks, insist on having guarantees on the devices I use to authenticate myself. Devices like a credit card. "I promise to never reprogram this card so it debits someone else's account" simply won't fly with them. The easy way out of that is to ensure the entity who can reprogram it has a lot of skin in the game and deep pockets. This is why they trust a locked pixel running Google signed android to store your cards. But take the same phone running a near identical OS, but on unlocked hardware so you reprogram it, and they won't let you store cards. But that's the easy way out. It still let's a government force Google to install spyware, so it's not the most secure way. One way to make it secure is to insist no one can reprogram it. That's what a credit card does. In any case, if someone successfully got the law changed in the way the OP suggested, so people could not use their devices as a digital passport, it won't only be me wishing a pox on their house. | | |
| ▲ | greensh a day ago | parent | next [-] | | 1. if your government decides google has to put spyware on your phone, you wont be able to remove it, unless your device is reprogramnable. It's actually the other way around, the only way to garantue that your device is free of spyware is you reprogramming it. You shouldn't have to trust the potentially compromised manufacturer. | | |
| ▲ | rstuart4133 a day ago | parent [-] | | True, but it's turtles all the way down. There is lots of non-reprogramable firmware in what you call "hardware". The recent article here pointed out the 8087 (an old floating point co-processor) had so much firmware (for the time) Intel had to use a special type of transistor to make it fit. Modern CPU's have many such tiny CPU's doing little jobs here and there. I'm being you didn't even know they exist. They not only exist, they also have a firmware programmed into ROM's you can never change. The bottom line is you have to trust the manufacturer of the silicon, and that isn't much different to trusting someone else who loaded firmware into the device. The fact that there is always something you must trust in a device, as opposed to being able to prove it's trustworthy to yourself by just looking at it is so well known it has a name: is called the root of trust. The interesting thing is it can ensure the root of trust the only thing you need to trust. The ability to do that makes your statement factually wrong. In fact it's drop dead simple. The root of trust only need let you read all firmware you loaded back, so you can verify it is what you would have loaded yourself. TPM's and secure boot are built around doing just that. Secure boot is how the banks and whoever else know you are running a copy of Android produced by Google. | | |
| ▲ | pabs3 3 hours ago | parent [-] | | A compromise; if the manufacturer has a way to reprogram them, then the users should be able to as well. |
|
| |
| ▲ | codedokode a day ago | parent | prev | next [-] | | > but government has passed laws allowing them to compel all manufacturers of reprogrammable devices to all them to reprogram is with their spyware. In this case the government may mandate to have spyware pre-installed in the factory - which is already the case for phones and laptops in some countries. > I promise to never reprogram this card so it debits someone else's account When reprogramming, the card should wipe private keys so it becomes just a "blank" without any useful information. | | |
| ▲ | rstuart4133 a day ago | parent [-] | | That doesn't work for two reasons. Firstly the law in my country specifically forbids introducing what they call a "systemic weakness". Among other things, that bans them from demanding every device is bugged. Instead they must get an judge to authorise targeting an individual, then get the manufacturers to replace the firmware in that device. Secondly, they have no control over companies not based where I live. So I could just import it myself, provided you are successful get ever country to pass a law the denies me the right to do this the way I want to do it. |
| |
| ▲ | thesnide a day ago | parent | prev [-] | | for such security devices, there is OTP. I prefer to have my auth device bricked than compromised. for anything else, i want to be able to reprogram. so for vendors, a simple choice : * be OTP, but no "patching" * be R/W, but also by its owner | | |
| ▲ | rstuart4133 a day ago | parent [-] | | Fair enough. Sort of. You can get the same assurances OTP gives you using secure boot + open source + reproducible builds. Regardless the rest us who don't want to go through the extra work OTP creates still of use want to put our credit cards, fido2 keys, government licences, concert tickets and whatever else in one general purpose computing device so we don't have to carry lots of little auth devices. To do pull that off securely this device must have firmware I can not change. The OP wants to make it illegal to sell a device with firmware I can not change. In asking for that, they've demonstrated they don't have a clue how secure and opening computing works. If they somehow got it implemented it would be a security disaster for them and everybody else. |
|
|
|
