Right. So users are free to update it if they like, just not via the OS CPU. That seems reasonable. I prefer this even, as it means if my day to day OS is compromised and later patched I don't need to wonder if my firmware was backdoored.
For something as dangerous and seldom as firmware updates I would rather do this out of band of my normal internet connected OS.
Not sure what's dangerous about firmware updates or why it would be seldom when these kinds of components have updates on a very regular basis. Of course, that's assuming usage of components that are actually maintained and receiving updates, again see above.
A vendor could be coerced by a government, like the CCP, into pushing out a firmware update with a backdoor.
I only want proprietary module updates when it is clearly just patching a flaw or some clear advantage to me.
You don't have no security updates. No one cares about backdoors when there are unpatched and even publicly known vulnerabilities. This has already been discussed in this mess of a thread. The things you're saying really don't make sense and you're grasping for straws.
Even if the baseband is unpatched, when it is totally quarantined to a separate daughter board and not built into my CPU SoC there is more damage control than most phones that package it all together.
It's not "quarantined". It's connected to the CPU and talks to the driver / device support code, which trusts it, unless you pick the rare hardware with drivers written to treat hardware as an attacker. Also, again, twitter.com/DanielMicay/st. It's misinformation/misrepresentation.
Quote Tweet
Replying to @DanielMicay @lrvick and 3 others
Components with DMA can be untrusted, and often are, due to usage of IOMMUs. Components without DMA can be trusted, and often are, due to their role in the design of the device along with the design / implementation of typical drivers trusting the hardware that they support.
Like I said. I agree with you here. I will have to leave it disabled except for emergencies until a better reverse engineered driver solution exists or a replacement module exists.
i, too, love using a communications device with communications turned off "99.9%" of the time
seriously, untag me if you're going to continue to argue, or i'll block you
I also should have untagged you earlier, I just usually don't touch it. Didn't expect this to go on so long.



