Arm is Writing a Free Secure BIOS for Device Makers

[DooKey]

Arm hopes to release open-source code early next year that will help secure IoT devices by encrypting their communications and installing OTA security fixes. They call this the Platform Security Architecture and published details today. Not all IoT devices have problems, but for the smaller companies this could be just what they're for to better secure their products. I'm completely on-board with this initiative!

The blueprints were designed after Arm engineers studied various embedded devices out there powered by its processor cores, including the webcams and routers hijacked by the Mirai botnet used to wage war on the internet last year, and developed a threat model – basically, a description of typical miscreants commandeering internet-connected devices and the vulnerabilities exploited to achieve this. With this model in mind, a blueprint to tackle the flaws could be produced.

 

[BloodyIron]

Took them fucking long enough...

 

[PaulP]

This is a nice start, and should close up the more basic security holes. But it is not a panacea; anyone making IoT devices needs to be aware of all the other places that their device could be vulnerable. In other words, they need to have someone on the project that has security education and experience.

 

[Zarathustra[H]]

This is a good move forward, but there need to be an exception for the owner.

The owner of any device needs to have the freedom to install and operate the software of their choosing on said device.

Make it secure, but not in such a way that you eliminate user choice.

IMHO, locking the boot loaders on phones and tablets such that users can't freely install the operating systems of their choice on them ought to be illegal.

 

[MRAB54]

Fantastic, we need to move towards open source bios/firmware. Enough of this closed source Intel ME and UEFI bullshit. Long time coming.