Le jeudi 09 juillet 2020 à 23:58 -0400, Przemek Klosowski via devel a
écrit :
While it's true that a completely secure software chain doesn't
really exist yet, we are slowly going in that direction, because it
is just inconceivable otherwise in the world with billions of
autonomous IOT devices
That’s a joke isn’t it? The problem IOT side is not the security of the
software update chain. The problem is that manufacturers skimp on
software updates in the first place, and refuse to provide the length
of support software-side, that users have come to expect hardware-side.
Leading to vast deployments of abandoware.
A lot of things, starting with the DRM target that funded secure boot,
would not exist if manufacturers were serious about updates, because
those systems are increadibly brittle and incompatible with a long term
support view.
--
Nicolas Mailhot