I’d personally hope they just force open sourcing their firmwares if they want to stay in the market. I really like my Omada stuff, ubiquiti is just a tough pill to swallow on price.
Signed firmware just means you can prove a given key was used to sign something. Most Linux distributions sign their packages so you know one of the trusted keys from the maintainers was used to sign the packages (and yes, this includes firmware), which prevents a man-in-the-middle from modifying packages.
The only problem I have with signed firmware is if there’s no way to change the acceptable keys. Signing itself is an important security feature, its only problematic if the user can’t upload their own signed packages.
Signed firmware doesn’t cost anything, so I’m not sure what you mean by “keep the poors out.” Signed firmware has a very valid use case for preventing supply chain attacks. The only time I have an issue with it if there’s no way to make your own signed package or bypass the requirement.
These checks are usually at the application level, so flashing via telnet/SSH still works. It’s generally not like TPM where the boot will be blocked if the signature doesn’t match, and in many cases, systems with those protections have a way to set your own keys (e.g. like with GrapheneOS on Pixel phones).
I recently bought their Flint 2 (GL-MT6000) based on multiple recommendations online when looking for a router that supports OpenWRT. That’s preinstalled, with AdGuard Home and WireGuard VPN on top of it. I’m looking forward to set it up and play around with it.
What do you exactly mean when you describe their approach in software as Android-like? That it’s easy to install services in OpenWRT?
It’s OpenWRT as you said but with their own skin and added features instead of completely spinning it off from the ground just because one has a feature to add as an idea like the native AdGuard Home home you mentioned, this makes sure it’s either continually supported because of OpenWRT or anyone can install the vanilla OpenWRT if support is no longer carried by the manufacturer.
I’d personally hope they just force open sourcing their firmwares if they want to stay in the market. I really like my Omada stuff, ubiquiti is just a tough pill to swallow on price.
They (FCC) forced firmwares being signed so nobody can install their own on the off chance it unlocks TX power or frequencies not allowed by FCC.
Can’t say I’ve ever seen an example of signed firmware that didn’t exist to further exploit the working class.
You’ve never used Linux?
Signed firmware just means you can prove a given key was used to sign something. Most Linux distributions sign their packages so you know one of the trusted keys from the maintainers was used to sign the packages (and yes, this includes firmware), which prevents a man-in-the-middle from modifying packages.
The only problem I have with signed firmware is if there’s no way to change the acceptable keys. Signing itself is an important security feature, its only problematic if the user can’t upload their own signed packages.
Requiring signed firmware is just a lock to keep poors out.
It’s Never used for consumers benefit, not once, not ever.
Signed firmware doesn’t cost anything, so I’m not sure what you mean by “keep the poors out.” Signed firmware has a very valid use case for preventing supply chain attacks. The only time I have an issue with it if there’s no way to make your own signed package or bypass the requirement.
It costs the ability to flash your own firmware.
That’s 100% of all signed firmware implementations.
These checks are usually at the application level, so flashing via telnet/SSH still works. It’s generally not like TPM where the boot will be blocked if the signature doesn’t match, and in many cases, systems with those protections have a way to set your own keys (e.g. like with GrapheneOS on Pixel phones).
I don’t think you know what firmware is.
Maybe you don’t. Here’s a list of firmware packages in Debian. Signing for router packages follows the same logic as those Debian packages.
I rest my case.
They should undo this and just prosecute people who abuse the firmware
I honestly like the GL.iNet approach in terms of software which is kinda like Android.
I recently bought their Flint 2 (GL-MT6000) based on multiple recommendations online when looking for a router that supports OpenWRT. That’s preinstalled, with AdGuard Home and WireGuard VPN on top of it. I’m looking forward to set it up and play around with it.
What do you exactly mean when you describe their approach in software as Android-like? That it’s easy to install services in OpenWRT?
It’s OpenWRT as you said but with their own skin and added features instead of completely spinning it off from the ground just because one has a feature to add as an idea like the native AdGuard Home home you mentioned, this makes sure it’s either continually supported because of OpenWRT or anyone can install the vanilla OpenWRT if support is no longer carried by the manufacturer.