And what if the cryptographic hashes are broken, stolen, or whatever? Once you're in the system, if there's rewriteable storage at all, it can be compromised.
If you want to stream, the apps need to be updated as streaming service providers update their systems from time to time.
> And what if the cryptographic hashes are broken, stolen, or whatever?
You've still improved the scope of exploitation from:
- Need an RCE (remote code execution) in any service on the device for a persistent threat
To:
- You need an RCE in any service on the device
- You also need to be able to generate a cryptographically signed update which will install for a persistent threat
That's a win. That's a BIG win. Particularly as regular updates can replace compromised cryptographic credentials.
You're essentially arguing the "if the solution is imperfect, we should do nothing" fallacy. You haven't proposed a better alternative, just argued that no action is better than an action that falls below perfection.
> If you want to stream, the apps need to be updated as streaming service providers update their systems from time to time.
Which may require a reboot. It is unfortunate, but makes the device more secure and less susceptible to hardware-originated data corruption (since the volumes can be completely verified for correctness, compared to the source images which can also be verified for correctness via HMAC).
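The two-requirement argument in the reply above, as an added Go example that is not part of the original thread: a device that holds only a public key rejects both a modified image and a manifest whose hash was recomputed without the signing key. The `Manifest` layout, the function names and the use of Ed25519 signatures (rather than the HMAC the reply mentions) are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest ships with each update image (hypothetical format for this example).
type Manifest struct {
	ImageHash [32]byte // SHA-256 of the image
	Sig       []byte   // Ed25519 signature over ImageHash
}

// SignUpdate runs on the vendor's build server, the only place the private key lives.
func SignUpdate(priv ed25519.PrivateKey, image []byte) Manifest {
	h := sha256.Sum256(image)
	return Manifest{ImageHash: h, Sig: ed25519.Sign(priv, h[:])}
}

// VerifyUpdate runs on the device, which stores only the public key.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, image []byte) error {
	if !ed25519.Verify(pub, m.ImageHash[:], m.Sig) {
		return errors.New("manifest signature invalid")
	}
	if sha256.Sum256(image) != m.ImageHash {
		return errors.New("image does not match signed hash")
	}
	return nil
}

// Demo returns the verifier's verdict for a genuine update, a modified image,
// and a modified image whose manifest hash was recomputed without the key.
func Demo() (genuine, tampered, rehashed error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	image := []byte("constructed sample firmware image")
	m := SignUpdate(priv, image)
	genuine = VerifyUpdate(pub, m, image)

	modified := append([]byte("extra code "), image...)
	tampered = VerifyUpdate(pub, m, modified)
	m.ImageHash = sha256.Sum256(modified) // hash fixed up, signature cannot be
	rehashed = VerifyUpdate(pub, m, modified)
	return
}

func main() {
	fmt.Println(Demo())
}
```

Only the genuine update verifies; code execution on the device yields the public key and the image, neither of which is enough to produce a manifest that passes.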
There's no specific set standard for how bin updates work. They can range from complete file system updates to incremental updates.
I really don't get what you're saying. None of your proposals would solve the problem being discussed. Are cryptographic hashes not already completely commonplace? That was standard even 10 years ago, if only just to make sure the files are not corrupt.
In actuality, running virus checks is a fine idea, particularly if the process can be automated and updated for newer threats.
If you want to stream, the apps need to be updated as streaming service providers update their systems from time to time.