
Integrity and embedded devices

Posted Oct 4, 2013 14:03 UTC (Fri) by safforddr (guest, #81020)
In reply to: Integrity and embedded devices by jimparis
Parent article: Integrity and embedded devices

The point of the article is that you can't do the things
you describe (lock/unlock the flash, read the flash) with
the existing devices, because the vendors don't bother
to make it possible, even though it would cost them nothing.

You can't physically lock and unlock the flash unless they
connect the !WP pin to an appropriate switch. You can't
verify the flash contents without unsoldering the flash from
the board, unless they buffer the SPI bus.

I have discussed this and other security options with
device vendors, and they use the excuses that it would cost
too much, and no customers care. Hopefully this can stimulate
some discussion there.

As for secure boot (validating the signature of the kernel),
this makes updating more convenient - you can leave the kernel
and rootfs writeable, and easily updated, so long as the
u-boot based signature checking is locked. I have had several
embedded devices which required firmware updates - it seems
typical for devices with buggy firmware to be rushed out the
door, followed by an update which actually works 3-6 months
later. I even had a "smart" TV which frequently locked up
until they shipped out a patch 4 months after I bought it.
In addition, secure boot defends against malicious firmware
updates, although that's not yet a problem in the wild.

