From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Sebastian Moeller <moeller0@gmx.de>
Cc: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] security guidelines for home routers
Date: Tue, 27 Nov 2018 12:03:35 +0100 (CET) [thread overview]
Message-ID: <alpine.DEB.2.20.1811271156340.7766@uplift.swm.pp.se> (raw)
In-Reply-To: <05A88D6B-51BC-4CC5-98D9-E85AE11D96AC@gmx.de>
On Mon, 26 Nov 2018, Sebastian Moeller wrote:
> I guess that most cheap routers do not actually do "secure boot" but
> rather make it hard to flash not-approved firmware binaries from the
> GUI, and for the intents an purposes of the BSI document that level of
> security, in spite of the talk about firmware authentication by digital
> signatures, seems sufficient. So no need to secure the JTAG interface,
> or even a tftp update method that can be initiated by pressing a button
> on the router or similar.
There are a huge amount of routers in peoples homes in Germany that have
secure boot enabled. Trying to achieve the requirement that these can have
any software installed on them requires new functionality to be created,
perhaps even new administration to handle this in a secure way.
Yes, it might be enough to in the future create a button inside the device
(so it actually has to be opened up) to disable secure boot, but this
still does open up for tampering by someone who happens to have physical
access to the device.
Right now with secure boot on and all code being signed, it's really hard
to tamper with the device and making it do things it wasn't designed to
do.
I'd really like to see a wider audience weigh in on the pro:s and con:s of
this approach. Do parents really want to come home to their 12 year old
who might have opened up their residential gateway and installed something
the 12 year old downloaded from the Internet? Perhaps yes, perhaps no.
> Why? In my reading 2 basically just turns the "The router MAY
> allow the installation of unsigned firmware (i.e. custom firmware)" into
> a "The router MUST allow " it does not rule that the manufacturer needs
> to actively help to develop said custom firmware IMHO. Now it would be a
> great idea to do so, but certainly not required.
Ok, I just took for granted that to make the idea practical, one would
need access to hw / sw specifications.
> Yes, I agree, this is one of the issues where one of the
> heavy-weights needs to get involved. My bet is on the EU picking
> something like this up first though. ATM I do not see much appetite for
> such regulatory actions in the US.
Agreed.
--
Mikael Abrahamsson email: swmike@swm.pp.se
next prev parent reply other threads:[~2018-11-27 11:03 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-26 18:05 Dave Taht
2018-11-26 18:24 ` Sebastian Moeller
2018-11-26 18:35 ` Mikael Abrahamsson
2018-11-26 22:13 ` Sebastian Moeller
2018-11-27 11:03 ` Mikael Abrahamsson [this message]
2018-11-27 11:52 ` Sebastian Moeller
2018-11-27 13:34 ` Mikael Abrahamsson
2018-11-28 13:49 ` Sebastian Moeller
2018-11-27 18:23 ` valdis.kletnieks
2018-11-26 18:40 ` Dave Taht
2018-11-26 21:05 ` Toke Høiland-Jørgensen
2018-11-26 22:28 ` Sebastian Moeller
2018-11-27 0:29 ` David P. Reed
2018-11-27 11:07 ` Mikael Abrahamsson
2018-11-27 11:17 ` Jonathan Morton
2018-11-28 9:17 ` Michael Richardson
2018-11-28 9:14 ` Michael Richardson
2018-11-28 19:10 ` David P. Reed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.20.1811271156340.7766@uplift.swm.pp.se \
--to=swmike@swm.pp.se \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=moeller0@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox