El Thu, Aug 25, 2016 at 12:01:48AM -0400, Stefan Monnier deia:
mmm... manually taking it out is cumbersome. And leaves some time vulnerable to remote attacks (during boot and between boot and removal).
Sure. Same issue w.r.t how realistic such an attack would be compared to the clear and obvious attacks to your freedom perpetrated in the name of "secure boot".
I'm not advocating for secure boot. In fact I advocate against any form of secure boot that is not under the user control at all times. I also avocate against any service or content that requires secure boot or remote attestation, even if the user could choose not to use the service or content and not to use secure boot, or not to use certain keys.
I'm only trying not to sell something broken to those who want secure boot under user control.
uSD cards already have a microcontroller in them. And some have been hacked, I think. You could design one that has a way to define a read only part (not like the SD cards that have that switch which only asks the O.S. "please don't write me" but like the microcontrolled answering "nah nah nah I don't hear you" when write requests to the specified range arrive).
Probably easier would be to make a µSd card where the little switch is not just advisory but is "put [...] in serial to the write enable in the EEPROM or NAND" on the card ;-)
Yes. I only said that because SD cards have a switch and uSD cards don't so I thought there is some mechanical difficulty in puting a switch in a card so small.
You could put a switch in a uSD card, but that would make the whole uSD card read only, so you would need something else for storage space. If you can get simply a part readonly that'd be much better and self contained.
And yes, we can live happy without secure boot.