Re: Debian derivatives census: Inquisitor: status?

To: Mikhail Yakshin <greycat.na.kor@gmail.com>
Cc: debian-derivatives <debian-derivatives@lists.debian.org>
Subject: Re: Debian derivatives census: Inquisitor: status?
From: Blibbet <blibbet@gmail.com>
Date: Thu, 18 Jun 2015 10:22:52 -0700
Message-id: <[🔎] 5582FE6C.4020700@gmail.com>
In-reply-to: <[🔎] CANp_HXewiOBWPDLwxoPwxV-TAQ0cQR=p1MsK3W4a6jv0A3_7jQ@mail.gmail.com>
References: <[🔎] 1434336351.16538.65.camel@debian.org> <[🔎] CAKTje6H+oOy1dk=KW2GBJT5QrYJ2f25wYN85uGU4z2_L7HsZpg@mail.gmail.com> <[🔎] 20150616192130.GA1659@stargrave.org> <[🔎] 1434508093.16538.231.camel@debian.org> <[🔎] CANp_HXeP1qxjYJH9Hjok+Sq0+PQbaY8cZQWmCRsG+KkS1YOiLA@mail.gmail.com> <[🔎] 5581CF12.90004@gmail.com> <[🔎] CANp_HXewiOBWPDLwxoPwxV-TAQ0cQR=p1MsK3W4a6jv0A3_7jQ@mail.gmail.com>

>> However, I also consider security issues part of basic hardware
>> functionality. If I'm buying a new server, I want to see CHIPSEC logs
>> first, if the hardware is known to be vulnerable, I'm going to return
>> it, just like if it had a bad mobo.
>
> CHIPSEC checks are not a matter of stability or something - it's just
> a matter of identification. It's binary - vulnerable / not vulnerable,
> that's not some analogue signal / cooling system performance /
> temperature graphs / etc.

Yes, CHIPSEC checks are not the normal hardware checks that most
hardware testing tools normally check for. CHIPSEC tests if the OEM
built insecure hardware. It is a one-time test that most people don't
check, unlike if power supply/etc works. If the machine does not
operate, it should not be purchased. If the machine was insecurely
built, it should not be purchased. If it was purchased, it should be
returned as faulty. Some clients are not able to influence their
merchants, but others are. Unfortunately, all of the purchase criteria
people make today with hardware often does not include broken security
design. But after the system is purchased, that's nearly all people
focus on, and if CHIPSEC logs show the system if flawed, then you can't
have a secure system. I'd like to get to a point where OEMs include
CHIPSEC logs as part of their pre-sales information, to show that their
products are not flawed.

Thanks,
Lee

Reply to:

Follow-Ups:
- Re: Debian derivatives census: Inquisitor: status?
  - From: Paul Wise <pabs@debian.org>

References:
- Debian derivatives census: Inquisitor: status?
  - From: Paul Wise <pabs@debian.org>
- Re: Debian derivatives census: Inquisitor: status?
  - From: Paul Wise <pabs@debian.org>
- Re: Debian derivatives census: Inquisitor: status?
  - From: stargrave@fsfe.org
- Re: Debian derivatives census: Inquisitor: status?
  - From: Paul Wise <pabs@debian.org>
- Re: Debian derivatives census: Inquisitor: status?
  - From: Mikhail Yakshin <greycat.na.kor@gmail.com>
- Re: Debian derivatives census: Inquisitor: status?
  - From: Blibbet <blibbet@gmail.com>
- Re: Debian derivatives census: Inquisitor: status?
  - From: Mikhail Yakshin <greycat.na.kor@gmail.com>

Prev by Date: Re: Debian derivatives census: Inquisitor: status?
Next by Date: ParrotSec: invitation to join the Debian derivatives census
Previous by thread: Re: Debian derivatives census: Inquisitor: status?
Next by thread: Re: Debian derivatives census: Inquisitor: status?
Index(es):
- Date
- Thread