| |||||||||||||
Threat models for embedded devicesThreat models for embedded devicesPosted Apr 19, 2010 9:26 UTC (Mon) by kpvangend (guest, #22351)Parent article: Threat models for embedded devices
Many embedded vendors still consider users that change the firmware a threat.
So they thwart that by using using cryptographically signed updates, executables and/or images, not providing easy update mechanisms, etc.
There is still a lot of education needed towards vendors: they will not lose revenue if they open up the device / they might loose revenue if the competitors product is popular for tweaking.
On the other hand most consumers aren't that into tweaking their television - must users don't even change simple color settings to match their environment.
For all Linux devices I've seen with DRM, that is usually well taken care of - unencrypted digital streams are not available to Linux in any way (but remain in co-processors/DSPs/etc).
(Log in to post comments)
Threat models for embedded devices Posted Apr 19, 2010 11:49 UTC (Mon) by Darkmere (subscriber, #53695) [Link]
I'm in a bit of a bind here myself. I'm just starting development on an embedded project that will go out to tinkerers. However, due to the support nightmare that is customized service&hardware model in question, I'd love to be able to sign off at least the supported binaries.
That means, they would be allowed (and okay) to run other software, as long as the "core functionality" can be verified as unmanipulated, simply so we say "you changed it, keep all the pieces" in support.
So yes, we are partially in that same boat, but for a business reason I cannot argue with. Supporting modified binaries would cause a pain. So would it if they were to add too much software and the oom-killer would hit the core software (which can't normally go oom due to careful vetting)
So, what should I do in a situation like this? Soak a support cost, trust customers honesty, or try and prevent my headache?
Threat models for embedded devices Posted Apr 19, 2010 21:34 UTC (Mon) by nix (subscriber, #2304) [Link]
You can prevent the oom-killer from ever killing your core software by echoing -17 to /proc/$pid/oom_adj (root required, so you'll need a setuid wrapper or something).
Threat models for embedded devices Posted Jul 4, 2010 22:47 UTC (Sun) by oak (subscriber, #2786) [Link]
That's only valid until such processes themselves (or their children inheriting the property) exhaust the memory...
|
|||||||||||||