On 9/28/18 4:18 AM, Sam Kuper wrote:
> On 28/09/2018, Peter Stuge peter@stuge.se wrote:
>> Youness Alaoui wrote:
>>> avoid any malware writing to the flash
>>
>> Just disallow flash writes by the platform. Allow flash writes only by dedicated hardware (maybe ChromeEC?) which implements a simple and efficient security protocol.
>
> Relevant URL: https://www.chromium.org/chromium-os/ec-development#TOC-Write-Protect

This seems to state the opposite of what Peter suggested, i.e. the host firmware is responsible for validating the EC firmware('s update) and not the other way around. IMHO, a good idea.

Nico