EmbeddedRelated.com
Forums
Memfault Beyond the Launch

Is there a process for secure firmware install/upgrade for device made offshore?

Started by Unknown June 24, 2017
> I only know about it from the Qubes Anti-Evil-Maid defense
I read about anti evil maid at https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html and they make it clear that if the BIOS is compromised, then all of this signature/hash/TPM scheme will not work. This brings us back to square one: how to prevent the bootloader from being compromised? To summarize: so far I have heard about secure boot loaders in only 2 chip families: Microsemi FPGA and Maxim Cortex MCU with Secure Boot loader.
On 07/08/17 00:09, jhnlmn@gmail.com wrote:
>> I only know about it from the Qubes Anti-Evil-Maid defense
>
> I read about anti evil maid at
> https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html
> and they make it clear that if the BIOS is compromised, then all of this signature/hash/TPM scheme will not work.
>
> This brings us back to square one: how to prevent the bootloader from being compromised?
> To summarize: so far I have heard about secure boot loaders in only 2 chip families: Microsemi FPGA and Maxim Cortex MCU with Secure Boot loader.
One question to ask is: do you really need to ship the firmware to China? The reason might be so that the finished item can be tested, but why not ship a minimal firmware, just enough to show that the hardware works? Then do the final programming at this side of the pond. If you don't send it, they can't copy it... Chris
On 17.07.2017 at 20:52, Chris wrote:

> One question to ask is: do you really need to ship the firmware to
> China?
That will only get you back to the issue I described 3 weeks ago: installing the secret yourself is not a solution either, because then you will effectively no longer be manufacturing in China. If you have to ship all the stuff back to home base, unwrap it, open it up far enough to get at the internal programming interface to install firmware, then put it all back together again, and re-package for final delivery, the overhead in terms of both delay and money will be considerable. You'll effectively be manufacturing at home. And anyway: how do you know you can actually trust your local employees so much further than your overseas contractors? And of course a criminal at the Chinese end could still side-track devices with the testing-only software still on them to the black market. Good luck explaining to "your" customers why apparently genuine devices do not work _at_all_.
> Chris
> do you really need to ship the firmware to China?
> ... Then do the final programming at this side of the pond.
iPhones and most other consumer devices these days are made in China and shipped straight from China to final customers. Most companies do not even have distribution or manufacturing facilities in the US anymore.
> Hans-Bernhard Bröker > how do you know you can actually trust your local employees so much further than your overseas contractors?
Well, US-based employees and contractors can be sued, arrested, etc.; Chinese contractors are completely unpunishable. It is just your brain and skills versus theirs.
> Good luck explaining to "your" customers why apparently genuine devices do not work _at_all_.
I think if we solve my original problem, how to securely install some secret code and/or key on our devices, then it will be trivial to determine which devices are genuine and which are fake.
jhnlmn@gmail.com writes:
> I think if we solve my original problem, how to securely install
> some secret code and/or key on our devices, then it will be trivial to
> determine which devices are genuine and which are fake.
I know of a company that got its stuff built at two different Chinese manufacturers, in a way that both manufacturers would have had to collude to get the keys out. I guess that's a start.
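The two ideas in the last two posts, a per-device secret that lets the vendor tell genuine units from fakes, and splitting provisioning across two manufacturers so that both would have to collude to recover the key, can be sketched in a few lines. The following is an added illustration written for this thread, not code from any poster or from the company mentioned; the XOR share split, the serial-plus-challenge HMAC, and the in-memory `vendor_db` are all my own assumptions about how such a scheme could be laid out.

```python
"""Split-share key provisioning across two manufacturers, plus a
challenge/response check the vendor can use to tell genuine devices from clones.
Added illustration for the thread above; the layout is assumed, not taken from
any product. Requires only the Python standard library."""
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed 256-bit per-device key


def split_key(device_key: bytes, rng=secrets.token_bytes):
    """Vendor side: split device_key into two XOR shares.

    share_a is fresh random; share_b = key XOR share_a.  Each share on its own
    is uniformly distributed, so a single manufacturer holding only its share
    learns nothing about the key; both shares are needed to rebuild it.
    """
    if len(device_key) != KEY_LEN:
        raise ValueError("device_key must be %d bytes" % KEY_LEN)
    share_a = rng(KEY_LEN)
    share_b = bytes(k ^ a for k, a in zip(device_key, share_a))
    return share_a, share_b


def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    """Device side: rebuild the key from the two OTP/fuse slots that
    manufacturer A and manufacturer B each programmed.  In a real part this
    would run from immutable boot ROM so the shares never cross a debug port."""
    if len(share_a) != len(share_b):
        raise ValueError("share length mismatch")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def device_response(device_key: bytes, serial: str, challenge: bytes) -> bytes:
    """Device side: prove possession of the key without ever sending it.
    Binding the serial into the MAC stops a response from being replayed
    under another unit's serial."""
    return hmac.new(device_key, serial.encode() + challenge, hashlib.sha256).digest()


def is_genuine(vendor_db: dict, serial: str, challenge: bytes, response: bytes) -> bool:
    """Vendor side: the vendor generated every key, so it can recompute the
    expected tag for this serial and compare in constant time."""
    key = vendor_db.get(serial)
    if key is None:
        return False  # serial the vendor never issued
    expected = hmac.new(key, serial.encode() + challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def demo():
    """End-to-end run with constructed values.  Returns (genuine_ok, clone_ok):
    a unit holding both shares passes; a 'clone' that only obtained
    manufacturer A's share fails."""
    serial = "SN-0001"                       # constructed sample serial
    device_key = secrets.token_bytes(KEY_LEN)  # generated at the vendor, kept in vendor_db
    vendor_db = {serial: device_key}

    share_a, share_b = split_key(device_key)
    # Manufacturer A programs share_a; manufacturer B programs share_b.
    key_on_device = combine_shares(share_a, share_b)

    challenge = secrets.token_bytes(16)
    genuine = device_response(key_on_device, serial, challenge)
    clone = device_response(share_a, serial, challenge)  # has only A's share
    return (is_genuine(vendor_db, serial, challenge, genuine),
            is_genuine(vendor_db, serial, challenge, clone))


if __name__ == "__main__":
    print(demo())  # expected (True, False)
```

The split only covers the case the post describes, a key leaking from one factory's programming station; it does nothing about the bootloader concern raised earlier in the thread, because `combine_shares` itself has to run from code the device trusts, and a unit whose combined key is read out after first boot can still be cloned. The check is also only as good as the vendor's key store, so `vendor_db` should live in an HSM or equivalent rather than a plain dictionary.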
