From: Sebastian Moeller
To: Mikael Abrahamsson
Cc: cerowrt-devel
Date: Wed, 28 Nov 2018 14:49:19 +0100
Subject: Re: [Cerowrt-devel] security guidelines for home routers
Message-Id: <2E7C187D-3D45-482A-A664-06B46D796148@gmx.de>

Hi Mikael,

> On Nov 27, 2018, at 14:34, Mikael Abrahamsson wrote:
>
> On Tue, 27 Nov 2018, Sebastian Moeller wrote:
>
>> Really, which ones? I would like to know so I can avoid them ;)
>> Just joking, but I have never heard of secure booting in the context
>> of MIPS based routers and at least in the retail market most cheap
>> devices still seem MIPS based. Then again this is slowly changing
>> with x86 (via DOCSIS-SoCs and even the high end Lantiq/Intel DSL
>> SoCs) and ARM slowly seeping into the market. I think both x86 and
>> ARM have specs for secure booting or related methods.
>
> DTs Speedports.
>

These do have secure boot? Interesting. But it explains the lack of user
modifications to these devices. As an alternative example the AVM Fritz!
brand devices quite popular in Germany do actually allow installing
modded firmwares, but the steps to do so are involved enough to not have
anybody do this accidentally.

>> I am old school, once somebody has physical access to the device it
>> is game over already. Case in point: people have found ways to
>> decrypt the encrypted configuration files Huawei tends to use in
>> their routers, and some people even hacked DOCSIS modems. From my
>> reading of the BSI recommendations, even pressing a reset button
>> long enough would be okay, the only no-no seems to be allowing
>> changing the firmware to non-signed ones without explicit opt-in by
>> the user.
>
> Again, how do you define "explicit opt-in"?

Well, the BSI document proposes simply modal warning dialogs from the
GUI as an entry barrier...

> Yes, cutting a wire inside the device is probably a good way to do
> it, if someone doesn't understand this is modification of the device
> then I don't know what is.

Well, the wire thing is probably the weakest part, I guess my proposal
was to make this change cause visible irrevocable physical changes to
the device. But I guess this is solving a non-existent problem...

>
>> But that is okay for a device that an ISP owns and rents out, but
>> decidedly not okay for a device I want to own.
>
> I agree, but it might be exactly what some other people want to own,
> who just want things to work. There are plenty of devices that people
> pay and own, but they expect their ISP to manage and software update.

And that is fine, but the whole issue under scrutiny here is what
happens when the manufacturer/seller EOL's a device, and at that point
the only alternative is a forced retirement of hardware that might
still be up to the job.

>
> --
> Mikael Abrahamsson    email: swmike@swm.pp.se