undefined | Better HN

0 pointsTaek9y ago0 comments

Reproducible builds is a very important part of knowing you are secure, and in the absence of that at least being able to flash on your own compilation.

0 comments

hdhzy9y ago

Well even with reproducible builds how do you check what actually is running there? That'd be the ME reporting "I'm running version X" without a way to really verify it. Also if you flashed it you cannot be 100% sure there is no other component that is still running a rootkit.

schoen9y ago

Good analysis of this issue in Halvar Flake's https://www.slideshare.net/hashdays/why-johnny-cant-tell-if-... ("Why Johnny can't tell if he is compromised").

ams61109y ago

Or Ken Thompsons's Reflections on Trusting Trust.

j / k navigate · click thread line to collapse