Aren't switches to temporarily bypass emissions controls in cars illegal, despite being a feature customers ask for?
> What laws do you want written?
I want all e-fuses to be banned, as well as any other means for manufacturers to permanently reduce, restrict, or remove functionality from products after they've been sold.
> How "secure" am I allowed to make my product before the Feds come a-knockin'?
If the one you're trying to make it "secure" against is the product's owner, then I'd say "not at all" would be a fine answer.
> And what does a "factory reset" accomplish? The hacker trying to get company IP (or whatever the password is protecting) gets three more attempts at it after the reset?
The point is that the factory reset would delete the company IP.
> Finally, and I'm not saying this makes it okay, but e-fuses are common as dirt these days. I don't know that you're going to get that toothpaste back in the tube.
Wasn't asbestos also as common as dirt before it was banned?
> Aren't switches to temporarily bypass emissions controls in cars illegal, despite being a feature customers ask for?
So you'd propose that we ban switches? You're saying that a microcontroller should never have a certain feature because you don't like how it has been implemented by a single company. Then you propose that nobody should have this feature ever because someone once used it to turn on a light reminding you that it's time to change your toothbrush head (and then let you brush your teeth normally with no further interruption).
I don't think your analogy holds up, nor have you thought through what you propose.
> You're saying that a microcontroller should never have a certain feature because you don't like how it has been implemented by a single company.
It's not the implementation. I don't want hardware to ever be able to permanently make itself less useful, no matter how it's done or what it's being used for.
You're making an argument that PROM, WORM, efuses, etc. all shouldn't be allowed to exist. They're used for all sorts of features, not just security. You might do well to apply the lesson of Chesterton's Fence before you call for a ban on things you don't actually understand.
For legitimate cases of write-once media, it should be legal if and only if it's separate from the rest of the device and easily replaceable (e.g., a socketed chip or a DVD+R). Anywhere that write-once media is permanently attached to something else, it inevitably ends up being used for evil.
> I want all e-fuses to be banned, as well as any other means for manufacturers to permanently reduce, restrict, or remove functionality from products after they've been sold.
One thing I can think of is hardware-based security devices that disable themselves after recognizing break-in attempts.
> I want all e-fuses to be banned, as well as any other means for manufacturers to permanently reduce, restrict, or remove functionality from products after they've been sold.
I am in opposition to this stance. What you're (rightfully) concerned about is when companies do bad things with these mechanisms. But the mechanisms themselves not only have no ethical/moral problems, but are also really useful for all sorts of things that are entirely unobjectionable.
Many security applications, situations where you're providing equipment to others and want to make sure it's not modified, etc. It's not that hard to come up with legitimate uses for this.
In any case, that sort of doesn't matter. Even if there was no legitimate use for them, that doesn't in and of itself mean they should be illegal. You should at the least demonstrate that their existence is causing great societal harm.
> Many security applications, situations where you're providing equipment to others and want to make sure it's not modified, etc. It's not that hard to come up with legitimate uses for this.
Why isn't just making sure the expected private key didn't get wiped a good enough way of making sure it's not modified?
> You should at the least demonstrate that their existence is causing great societal harm.
Okay, how about that it destroys the secondhand CPU market? Once you use an AMD CPU in a Lenovo computer, it blows e-fuses to keep you from ever using it in any other brand of computer: https://news.ycombinator.com/item?id=29958247
> Why isn't just making sure the expected private key didn't get wiped a good enough way of making sure it's not modified?
What's to stop someone from extracting and restoring the private key?
> Okay, how about that it destroys the secondhand CPU market?
Sure, then how about addressing that issue rather than proposing to outlaw an entire mechanism entirely? We have a lot of things that can be misused, but (generally) only in extreme cases do we outlaw the tech itself. More usually, we have laws targeting the misuse of the tech.
> What's to stop someone from extracting and restoring the private key?
Isn't the whole point of these chips that you can't extract the private key, so that if it gets wiped, it's definitely gone forever?
> Sure, then how about addressing that issue rather than proposing to outlaw an entire mechanism entirely? We have a lot of things that can be misused, but (generally) only in extreme cases do we outlaw the tech itself. More usually, we have laws targeting the misuse of the tech.
But this particular technology doesn't seem to have any legitimate uses.