Every ARM SoC is proprietary, closed hardware. Same applies to most other hardware components like Wi-Fi / NFC / cellular radios, touchscreens, cameras and even batteries. There is nothing open about it, and not shipping the firmware updates just exposes users to vulnerabilities.
Conversation
Replying to
Then close off the attack surface to access these from untrusted domains. Installing new black boxes is not security hygiene.
1
Replying to
There's a lot of work by others on improving isolation for these components and reducing exposed attack surface. I'm not particularly focused on security in this thread but rather frustration with projects falsely pretending to be open hardware or provide better privacy/security.
1
3
I don't understand how people can get away with presenting completely proprietary hardware / firmware as open. I'm sure it's even more frustrating for people doing the hard work of making actual open hardware, especially those trying to match current privacy/security properties.
Replying to
Absolutely. I share your frustration with misrepresentation of ARM SoCs as open, just not your enthusiasm for allowing post-shipping black box code in to replace one set of vulns with another, possibly-intentional set.
1
Replying to
It's not really a black box when it's not obfuscated and can be disassembled. The firmware signing keys for a lot of these things are also not controlled by the SoC vendor but rather the phone vendor and development boards can be obtained without keys burned into the fuses yet.
2
2
Show replies