TP-link is reportedly being investigated over national security concerns linked to vulnerabilities in its very popular routers.

  • ms.lane@lemmy.worldEnglish
    21·
    1 day ago

    Requiring signed firmware is just a lock to keep poors out.

    It’s Never used for consumers benefit, not once, not ever.

    • sugar_in_your_tea@sh.itjust.worksEnglish
      21·
      1 day ago

      Signed firmware doesn’t cost anything, so I’m not sure what you mean by “keep the poors out.” Signed firmware has a very valid use case for preventing supply chain attacks. The only time I have an issue with it if there’s no way to make your own signed package or bypass the requirement.

      • ms.lane@lemmy.worldEnglish
        21·
        11 hours ago

        It costs the ability to flash your own firmware.

        The only time I have an issue with it if there’s no way to make your own signed package or bypass the requirement.

        That’s 100% of all signed firmware implementations.

        • sugar_in_your_tea@sh.itjust.worksEnglish
          1·
          4 hours ago

          These checks are usually at the application level, so flashing via telnet/SSH still works. It’s generally not like TPM where the boot will be blocked if the signature doesn’t match, and in many cases, systems with those protections have a way to set your own keys (e.g. like with GrapheneOS on Pixel phones).