top | item 46461041

(no title)

abeyer | 1 month ago

According to the details in their whitepaper, firmware is signed, but the management protocol allows reading arbitrary memory, so you can read out the keys and sign your own payload.

I'm not sure anyone intentionally did this, but there were several poor decisions involved. It sounds like the upstream vendor shipped sample code without auth, assuming implementers would know they needed to secure a privileged device management interface, and said implementers just copied the sample and shipped it.

discuss

DrNefario|1 month ago

I haven't read the whitepaper, but surely the ROM wouldn't include its own private signing keys. Is it maybe encrypted instead of signed?