TP-link is reportedly being investigated over national security concerns linked to vulnerabilities in its very popular routers.

  • ms.lane@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    8 days ago

    Requiring signed firmware is just a lock to keep poors out.

    It’s Never used for consumers benefit, not once, not ever.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      8 days ago

      Signed firmware doesn’t cost anything, so I’m not sure what you mean by “keep the poors out.” Signed firmware has a very valid use case for preventing supply chain attacks. The only time I have an issue with it if there’s no way to make your own signed package or bypass the requirement.

      • ms.lane@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        7 days ago

        It costs the ability to flash your own firmware.

        The only time I have an issue with it if there’s no way to make your own signed package or bypass the requirement.

        That’s 100% of all signed firmware implementations.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 days ago

          These checks are usually at the application level, so flashing via telnet/SSH still works. It’s generally not like TPM where the boot will be blocked if the signature doesn’t match, and in many cases, systems with those protections have a way to set your own keys (e.g. like with GrapheneOS on Pixel phones).