[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Help: explanation of secure flash?


On 2021-07-07 8:46 a.m., rhkramer@gmail.com wrote:
> On Tuesday, July 06, 2021 10:53:52 PM Kevin N. wrote:
>>> Can somebody provide either a little more explanation and / or a link to
>>> a (reasonably simple) reference?
>> https://www.embeddedcomputing.com/technology/security/network-security/secu
>> re-flash-the-cure-for-insecurity-in-connected-automotive-and-industrial-app
>> lications-part-1
>> https://www.embeddedcomputing.com/technology/security/network-security/secu
>> re-flash-the-cure-for-insecurity-in-connected-automotive-and-industrial-app
>> lications-part-2
This was a good explanation to the original thread name.

> Thanks to all who replied!
> This (the link above) happens to be one of the links I did find and read / skim 
> -- it didn't seem applicable.  
> I thought it would be something applicable to secure boot or similar.  
What you may want to use is secure boot. Your original message was
related to something different and this seem why you got the links above.

> Maybe unrelated but I also came across some kind of option in my search, which 
> without looking for again, is something like diable <something -- BIOS?> 
> rollover (right word?).
For sure, if you write messages using such precision as "<something --
BIOS?> " then your risk of receiving answer that are good but don<t go
into your direction are quite high.
We have thousands of word used for communicating and they grow every
day. Each domain has it's own particular word because user of those
specific word have found a need to be precisely understood.
A floppy is not a harddrive (even if some floppy used to be hard like
the 3.5). Flash can be a generic term for a type of memory but when you
are talking about embedded system or electronic, flash mostly means a
form of persistent memory than can be electronically modified (as
opposed to UV ROM that would need a UV light).
In general computing, a flash memory can means the USB stick that you use.

By reading your last message, what I get is two thing.
First : A lack of clarity
Second : You seem to want the use of secure boot so that your system is
secured from the start up.
Of third : There's also a possible option to disable BIOS flashing, that
is the possibility of a user updating the BIOS (or UEFI) that is on your
motherboard. There were some limited attack using BIOS updates.

Regarding the links some other user sent you above. Maybe the seem
irrelevant for you but instead of reading them looking for a exact
solution why don't you read them trying to understand what make a system
secure and what not.

But maybe those links are too complex (we all have stuff that is not
ready for us to digest at this moment). This is why the use of the right
word are important. If we use them interchangeably because we thing they
may fit, we don't get understood and risk understanding them the wrong way.

Good luck with your secure boot (that include some signature keys
flashed into the UEFI at the factory).

> I guess I'll let things sit for now, and when I install Debian (presumably 
> Bulleye) on my newest computer, I'll look again.

Maybe reading on the subject of Secure Boot (on Debian doc is a good
start) and the general subject of hardware security in general would
help you for the next step.

You can find much information online. If you get into a link that is not
closely related to your problem, read it anyway as it will allow you to
get better understanding of other use-case.
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to: