Hacker News

naoru yesterday at 4:46 PM

The article says:

> According to The Cybersec Guru, this is an unpatchable problem for Sony, because these keys cannot be changed and are burned directly in the APU.

I'm just speculating at this point, but what could prevent Sony from anticipating this exact situation and burning several keys in the APU? I mean, eFuse is not exactly a new technology. That way, once a key is leaked, Sony could push a firmware update switching the APU to a new key which hasn't been leaked yet.


Replies

bri3d yesterday at 6:30 PM

I have seen some manufacturers enroll multiple manufacturer keys, probably with this notion, but this isn’t useful against almost any threat model.

If keys are recovered using some form of low-level hardware attack, as was almost surely the case here, the attacker can usually recover the unused key sets too.

If the chip manufacturing provisioning supply chain is leaky, the new keys will probably be disclosed anyway, and if the key custody chain is broken (i.e., keys are shared with OEMs or third parties), they will definitely be disclosed anyway.

EPWN3D yesterday at 6:30 PM

Nothing. But if the keys weren't stored in an HSM (seems likely), attackers getting one of them implies they could get the others as well.

ghshephard yesterday at 5:07 PM

Would that not break every other firmware release that relied on that older key?

j45 yesterday at 5:54 PM

Even if trivial, it could be manufacturing savings.