Hi, On 2021-07-07 8:46 a.m., rhkramer@gmail.com wrote: > On Tuesday, July 06, 2021 10:53:52 PM Kevin N. wrote: >>> Can somebody provide either a little more explanation and / or a link to >>> a (reasonably simple) reference? >> >> https://www.embeddedcomputing.com/technology/security/network-security/secu >> re-flash-the-cure-for-insecurity-in-connected-automotive-and-industrial-app >> lications-part-1 >> >> https://www.embeddedcomputing.com/technology/security/network-security/secu >> re-flash-the-cure-for-insecurity-in-connected-automotive-and-industrial-app >> lications-part-2 > This was a good explanation to the original thread name. > Thanks to all who replied! > > This (the link above) happens to be one of the links I did find and read / skim > -- it didn't seem applicable. > > I thought it would be something applicable to secure boot or similar. > What you may want to use is secure boot. Your original message was related to something different and this seem why you got the links above. > Maybe unrelated but I also came across some kind of option in my search, which > without looking for again, is something like diable <something -- BIOS?> > rollover (right word?). For sure, if you write messages using such precision as "<something -- BIOS?> " then your risk of receiving answer that are good but don<t go into your direction are quite high. We have thousands of word used for communicating and they grow every day. Each domain has it's own particular word because user of those specific word have found a need to be precisely understood. A floppy is not a harddrive (even if some floppy used to be hard like the 3.5). Flash can be a generic term for a type of memory but when you are talking about embedded system or electronic, flash mostly means a form of persistent memory than can be electronically modified (as opposed to UV ROM that would need a UV light). In general computing, a flash memory can means the USB stick that you use. By reading your last message, what I get is two thing. First : A lack of clarity Second : You seem to want the use of secure boot so that your system is secured from the start up. Of third : There's also a possible option to disable BIOS flashing, that is the possibility of a user updating the BIOS (or UEFI) that is on your motherboard. There were some limited attack using BIOS updates. Regarding the links some other user sent you above. Maybe the seem irrelevant for you but instead of reading them looking for a exact solution why don't you read them trying to understand what make a system secure and what not. But maybe those links are too complex (we all have stuff that is not ready for us to digest at this moment). This is why the use of the right word are important. If we use them interchangeably because we thing they may fit, we don't get understood and risk understanding them the wrong way. Good luck with your secure boot (that include some signature keys flashed into the UEFI at the factory). > > I guess I'll let things sit for now, and when I install Debian (presumably > Bulleye) on my newest computer, I'll look again. > Maybe reading on the subject of Secure Boot (on Debian doc is a good start) and the general subject of hardware security in general would help you for the next step. You can find much information online. If you get into a link that is not closely related to your problem, read it anyway as it will allow you to get better understanding of other use-case. Sincerely, -- Polyna-Maude R.-Summerside -Be smart, Be wise, Support opensource development
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature