The Risks and Rewards of Open Platform Firmware: Page 2 of 2

Can you build a product using open platform hardware? Yes, if you understand the risks.

– that is, make a product look like it is proprietary, and keep people from knowing you used open source. “At the very least don't advertise so someone can't find it on GitHub,” Richardson said, also strongly suggesting that designers remove the debug features and change the default identifiers on their open source hardware.

The other big key is in UEFI itself and providing secure field updates to firmware. “You really want to have firmware update in the field,” Richardson said. “The risk is someone can drop the wrong thing on the platform, such as hacked firmware or a slight variation that could brick a product by accident. The reward is if there's a bug or security hole on the platform you can patch it.”

Richardson advocated using the UEFI Capsule function, which is being embraced by Intel and other organizations and allows remote firmware updates without relying on third-party or OS-based utilities that could be hacked. In this model the firmware is responsible for authenticating its own updates, checking new versions of the firmware against the firmware already in place.
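
The model described above, as an added sketch that is not code from the article, Intel or Tianocore: the installed firmware holds a public key and decides on its own whether to accept a capsule, catching both a tampered image and a validly signed image built for a different board. The capsule layout, the names `build_capsule` and `InstalledFirmware`, the board ids, the only-newer version rule and the unpadded toy RSA key are assumptions made for illustration; a real UEFI capsule has its own header format and signature scheme.

```python
import hashlib
import struct

# Constructed toy RSA key built from two Mersenne primes: demo only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; lives only with the vendor
SIG_LEN = 256
HDR = struct.Struct("<16sII")  # hypothetical header: target id, version, length
BOARD_A, BOARD_B = b"constructed-brdA", b"constructed-brdB"  # constructed ids

def digest(blob: bytes) -> int:
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def build_capsule(target: bytes, version: int, payload: bytes) -> bytes:
    """Vendor side: sign header + payload, append the signature."""
    body = HDR.pack(target, version, len(payload)) + payload
    return body + pow(digest(body), D, N).to_bytes(SIG_LEN, "big")

class InstalledFirmware:
    """Device side: knows only the public key, its own id and its version."""
    def __init__(self, target: bytes, version: int):
        self.target, self.version, self.pub = target, version, (N, E)

    def check(self, capsule: bytes) -> str:
        if len(capsule) < HDR.size + SIG_LEN:
            return "reject: truncated"
        body, sig = capsule[:-SIG_LEN], int.from_bytes(capsule[-SIG_LEN:], "big")
        n, e = self.pub
        # Authenticate first: no header field is trusted until this passes.
        if sig >= n or pow(sig, e, n) != digest(body):
            return "reject: bad signature"
        target, version, length = HDR.unpack_from(body)
        if length != len(body) - HDR.size:
            return "reject: length mismatch"
        if target != self.target:  # signed image, but built for another board
            return "reject: wrong platform"
        if version <= self.version:  # assumed policy: only newer images install
            return "reject: not newer"
        return "accept"

if __name__ == "__main__":
    fw = InstalledFirmware(BOARD_A, 3)
    for cap in (build_capsule(BOARD_A, 4, b"img"), build_capsule(BOARD_B, 4, b"img")):
        print(fw.check(cap))
```

The signing half (`D`, `build_capsule`) would run on the vendor's build system; only `N`, `E` and the `check` logic belong in the shipped image.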

 

UEFI Capsule Update offers several benefits for designers. (Image source: Brian Richardson / Intel) 

 

“If I trust the firmware then we can let the firmware be the root of trust,” Richardson said. “If you can't trust version 1 of your firmware not to be exploited you have a bigger problem than anyone can help you with.” Richardson also pointed to groups like Tianocore, a community built around the open-source implementation of UEFI, as a great resource for developers.

Ultimately it will be up to developers to decide whether using open source is the right move. With the open-source hardware space growing and companies even beginning to offer open-source SoCs, it's likely that many more designers, particularly at the DIY and startup level, will opt to leverage some sort of open-source hardware and software to help bring their products to market. “This is the Internet of Things, not the Internet of Thing,” Richardson said. So the question for developers is then, how do you propagate over the field? It's possible, as long as everyone keeps security first in mind.

 

 


Chris Wiltz is the Managing Editor of Design News.

Comments

What is missing here is the reality that a product for the real world consists of more than a processor and some code. "Hardware" includes the balance of the product, the part that actually delivers some action in the real world. While code seldom breaks or wears out, hardware frequently does fail, and so it should have more attention and engineering, aside from the efforts to reduce the cost by reducing the value as much as possible.
