Open firmware is going to be foundational for security.
— Ben Laurie (@BenLaurie) June 14, 2018
Fir years I've been telling Intel (every chance I get, which is fairly often) that closed source BSP/FSP/etc only hurts them. It's honestly like they've been told not to hear it. https://t.co/GEiLahSs62
— Farce Majeure🌹 (@vathpela) June 14, 2018
We need independently auditable firmwares for many reasons. Legislators, forcing open binaries for such systems is a good thing and imposes little cost. https://t.co/s8OULPaHiK
— Halvar Flake (@halvarflake) June 13, 2018
The above 3 tweets apply to EVERYTHING, not just the story that started it, VW firmware. It seems the forensics community still does very little with firmware:
Volkswagen, together with @iotatoken will show at #cebit18 a proof of concept how the trusted transfer of software over-the-air to vehicles can be securely documented using the #tangle. Great example how distributed ledger technology can be used in the future pic.twitter.com/4wuc7pdKfv
— Johann Jungwirth (@JohannJungwirth) June 9, 2018
VW's firmware was used to defeat emissions tests:https://t.co/H1zs3gFLcc
Their response should be independently auditable, reproducible firmware updates.
Instead, they are relying on a system with a track record of broken, homegrown crypto for critical firmware updates. https://t.co/EyghznVjPV
— Steve Weis (@sweis) June 13, 2018
Firmware Security 