Open Giszmo opened 2 years ago
We can show the hash of installed firmware to the end user to make them able to verify the installed firmware.
@mimirobo In the bootloader, prior to finalizing the firmware installation and after checking the signature, we can also show the hash of the firmware to the end user.
@Giszmo Thanks for your suggestion. We are going to add this feature in the next bootloader update.
> We can show the hash of installed firmware to the end user to make them able to verify the installed firmware.
Wonder which hash I would make my evil firmware show :thinking:
Or did you mean to say "We can show the hash of to be installed firmware to the end user to make them able to verify the firmware prior to installing it."?
> Or did you mean to say "We can show the hash of to be installed firmware to the end user to make them able to verify the firmware prior to installing it."?
Yes, correct.
I'm reviewing hardware wallets for WalletScrutiny and, watching the firmware update video, I noticed the user has no way of knowing which binary the device is being updated to.
For verifiability, the firmware has to be not only open source but also reproducible by independent security researchers, and the device has to give an indication of which binary it's actually updating to.
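Added example, not part of the thread and not the project's code: a host-side check that a binary reproduced from source is the one whose hash the bootloader displays before installation. It assumes the device shows a SHA-256 digest in hex, possibly grouped or truncated; the function names and the minimum prefix length are hypothetical.

```python
import hashlib

MIN_HEX_CHARS = 32  # assumption: refuse displayed prefixes shorter than 128 bits


def firmware_digest(image: bytes) -> str:
    """SHA-256 of the exact bytes that would be flashed, as lowercase hex."""
    return hashlib.sha256(image).hexdigest()


def normalize_displayed(text: str) -> str:
    """Strip the grouping a small screen may add (spaces, ':' or '-')."""
    cleaned = "".join(c for c in text.lower() if c not in " :-\n\t")
    if not cleaned or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("displayed value is not hex")
    return cleaned


def matches_display(image: bytes, displayed: str) -> bool:
    """True only if the screen value is a long-enough prefix of the digest."""
    shown = normalize_displayed(displayed)
    full = firmware_digest(image)
    if len(shown) < MIN_HEX_CHARS or len(shown) > len(full):
        return False  # short prefixes are cheap to collide, so refuse them
    return full[:len(shown)] == shown


def reproducible(builds: list[bytes]) -> bool:
    """Independent builds count as reproduced only if all digests agree."""
    return len(builds) >= 2 and len({firmware_digest(b) for b in builds}) == 1


if __name__ == "__main__":
    # Constructed sample data standing in for real firmware binaries.
    official = b"\x7fFW" + b"release-build" * 64
    rebuilt = bytes(official)
    tampered = official[:-1] + b"\x00"
    digest = firmware_digest(official).upper()
    screen = " ".join(digest[i:i + 8] for i in range(0, 64, 8))
    print("reproducible:", reproducible([official, rebuilt]))
    print("screen matches rebuilt binary:", matches_display(rebuilt, screen))
    print("screen matches tampered binary:", matches_display(tampered, screen))
```

The comparison is only meaningful when the value on the screen is computed by the bootloader over the image about to be installed, as discussed above.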