OEMs still not shipping golden image hashes

OEMs: you need to ship hashes of your golden firmware images. Read NIST SP 800-147 (and 800-193). You should be OpenPGP-signing those hashes, as well.

I want to update the BIOS on my <OEM> motherboard as this hopefully solves a problem. However, the archive containing the BIOS update and flashing tool can only be downloaded over http and there is no way to verify its integrity as neither signed nor non-signed checksums are available. I’m extremely uncomfortable with just installing the update without being able to verify its integrity, as I would forever think about if the BIOS has been modified in case the download server has been compromised or by a MITM attack while I’m downloading. What can I do?

https://news.ycombinator.com/item?id=14530302
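What the commenter is asking for, in concrete terms, is the check an OEM's published manifest would let a user run before flashing. The example below is added here and is not code from the original post or from any OEM's tooling; it assumes the vendor publishes a manifest in the common `sha256sum` format (one line per file, `<64 hex chars>  <filename>`), and the firmware bytes and manifest it uses are constructed for the demo. It treats a missing or malformed manifest entry as a failure rather than as "nothing to check", which is the trap a naive script falls into.

```python
"""Verify a downloaded firmware image against a vendor-published SHA-256 manifest.

Added example, not code from the original post. Assumes the OEM ships a
manifest in sha256sum format ("<hash>  <filename>" per line). The image
bytes and the manifest below are constructed stand-ins for a real download.
"""
import hashlib
import hmac
import re

# sha256sum writes "HASH  NAME" (text mode) or "HASH *NAME" (binary mode).
MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(\S.*)$")


def parse_manifest(text):
    """Return {filename: sha256hex} from sha256sum-style manifest text.

    Malformed lines raise instead of being skipped, so a truncated or
    edited manifest cannot silently drop the entry for the file you care about.
    """
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {lineno} is malformed: {line!r}")
        entries[m.group(2)] = m.group(1).lower()
    return entries


def sha256_of(data, chunk=1 << 20):
    """Hash bytes in chunks, the same shape as streaming a multi-MB image from disk."""
    h = hashlib.sha256()
    view = memoryview(data)
    for i in range(0, len(view), chunk):
        h.update(view[i:i + chunk])
    return h.hexdigest()


def verify_image(filename, image_bytes, manifest_text):
    """True if the image's SHA-256 matches its manifest entry.

    Raises KeyError when the file is not listed at all: an absent entry is a
    verification failure, not a pass.
    """
    entries = parse_manifest(manifest_text)
    if filename not in entries:
        raise KeyError(f"{filename} is not listed in the manifest")
    actual = sha256_of(image_bytes)
    # compare_digest is not needed for a public hash, but it is a cheap habit
    return hmac.compare_digest(actual, entries[filename])


# --- constructed demo data (stands in for the vendor's download and manifest) ---
GOOD_IMAGE = bytes(range(256)) * 4096          # 1 MiB "firmware" payload
TAMPERED_IMAGE = bytearray(GOOD_IMAGE)
TAMPERED_IMAGE[0x1234] ^= 0x01                  # single-bit change in the image
TAMPERED_IMAGE = bytes(TAMPERED_IMAGE)
MANIFEST = (
    "# constructed manifest, as an OEM might publish next to the archive\n"
    f"{sha256_of(GOOD_IMAGE)}  bios.rom\n"
)


def demo():
    """Run the four cases a verifier must get right; returns a result dict."""
    results = {
        "good": verify_image("bios.rom", GOOD_IMAGE, MANIFEST),
        "tampered": verify_image("bios.rom", TAMPERED_IMAGE, MANIFEST),
    }
    try:
        verify_image("other.rom", GOOD_IMAGE, MANIFEST)
        results["unlisted_raises"] = False
    except KeyError:
        results["unlisted_raises"] = True
    try:
        parse_manifest("deadbeef  bios.rom\n")   # hash too short
        results["malformed_raises"] = False
    except ValueError:
        results["malformed_raises"] = True
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

A hash fetched from the same HTTP origin as the archive only catches corruption; an attacker who can substitute the archive can substitute the manifest too, which is exactly the commenter's worry. The step that turns this into an authenticity check is verifying the OEM's OpenPGP signature on the manifest (`gpg --verify SHA256SUMS.asc SHA256SUMS`) against a vendor key obtained out of band, and only then running the hash comparison above.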
