Comment by brookst
4 months ago
The end user protection is to sign updates and publish the fingerprints. It should not be possible for one device to get a different binary than everyone else.
4 months ago
The end user protection is to sign updates and publish the fingerprints. It should not be possible for one device to get a different binary than everyone else.
How exactly do you plan on implementing this as an end user?
Even if you somehow manage to ensure 100% consistency with other users for updates you manually “pull” from the vendor, the vendor could simply have your device automatically reach out and update itself with a stealth update.
Or everyone can get the same exact binary, but it has a hash code check on it that activates the evil bits only on your device.
Etc…