Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> It's not just about updates through regular channels but about evil maid attacks with signed malicious firmware.

Yes, evil maid attacks are the primary way for targeted attacks using malicious firmware.

So this is something that maybe the TCG should tackle. It should be possible (maybe it is?) to require that the host meet some policy before the firmware update can run -- this would prevent unauthenticated evil maid attacks.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: