TP-link is reportedly being investigated over national security concerns linked to vulnerabilities in its very popular routers.

  • tty5@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    4 days ago

    They (FCC) forced firmwares being signed so nobody can install their own on the off chance it unlocks TX power or frequencies not allowed by FCC.

    • john89@lemmy.ca
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      1
      ·
      4 days ago

      Can’t say I’ve ever seen an example of signed firmware that didn’t exist to further exploit the working class.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        2
        ·
        4 days ago

        You’ve never used Linux?

        Signed firmware just means you can prove a given key was used to sign something. Most Linux distributions sign their packages so you know one of the trusted keys from the maintainers was used to sign the packages (and yes, this includes firmware), which prevents a man-in-the-middle from modifying packages.

        The only problem I have with signed firmware is if there’s no way to change the acceptable keys. Signing itself is an important security feature, its only problematic if the user can’t upload their own signed packages.

        • ms.lane@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          4 days ago

          Requiring signed firmware is just a lock to keep poors out.

          It’s Never used for consumers benefit, not once, not ever.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            3 days ago

            Signed firmware doesn’t cost anything, so I’m not sure what you mean by “keep the poors out.” Signed firmware has a very valid use case for preventing supply chain attacks. The only time I have an issue with it if there’s no way to make your own signed package or bypass the requirement.

            • ms.lane@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              3 days ago

              It costs the ability to flash your own firmware.

              The only time I have an issue with it if there’s no way to make your own signed package or bypass the requirement.

              That’s 100% of all signed firmware implementations.

              • sugar_in_your_tea@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                2 days ago

                These checks are usually at the application level, so flashing via telnet/SSH still works. It’s generally not like TPM where the boot will be blocked if the signature doesn’t match, and in many cases, systems with those protections have a way to set your own keys (e.g. like with GrapheneOS on Pixel phones).