Firmware Security vs. Open source... Why not both?
Track one is on the 2nd floor of Jupiter NEXT
Hardware-backed security features are pervasive in even the cheapest microcontrollers and SoCs these days. That means anyone - even a solo electronics hobbyist - can lock down their code and their embedded device. These features are very capable of, and are very frequently used to restrict the rights of hardware owners and seem to fly in the face of open source hardware ideals.
However, I’d like to show how this doesn’t have to be the case. I’ll give a brief primer on some of these features and how they work, but will then show how they’re useful, if not essential, to providing some very important hardware integrity guarantees, even to open hardware devices. At the same time, I’ll show how even the most life critical devices can be completely capable of enabling tinkering and reuse without sacrificing their integrity.
Hopefully open hardware designers will learn what they need to know in order to deliver more robust devices, and all of us will have a better grasp of what we can realistically expect from closed source hardware versus what companies might be telling us instead.
About the Speaker
Joe FitzPatrick (@securelyfitz) is a trainer and researcher at SecuringHardware.com with a personal mission to make all hardware devices at least a bit more secure. He builds tools like Tigard and Erebus, and teaches Applied Physical Attacks trainings to help people break - and secure - their hardware devices. His actual superpower is the ability to instantly end awkward conversational pauses if you ask him about BSides Portland, the CTRL-H Hackerspace, or drone taco delivery at ToorCamp.
