I’d like to emphasize, Dell is very good on security overall...so this not an indictment of the company, but rather indicative of a pervasive risk from management controllers, and a motivator for HW root of trust!
-
-
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
HW root of trust is required but not sufficient. You need a design with appropriate isolation and separation of responsibility. Verifying the hash of buggy firmware does not remove the bug.
-
That’s true! But at least root of trust would prevent rogue firmware from being loaded. Buggy isn’t good, but sure beats malicious.
-
The only real difference is in the ability for malicious code to be persistent. Buggy SW / HW / systems should be assumed malicious. This is why in addition to HW root of trust we apply methodologies like model checking critical code of the TCB. http://www.kroening.com/papers/cav2018-aws.pdf …
End of conversation
New conversation -
-
-
Any technical detail about the vulnerability. It seems a post auth.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.