Agreed, firmware security by chip manufacturers has been underwhelming to say the least and we can blame them for that.
But in this specific instance I still don’t see the benefit of a fix for consumer usage. Companies have a responsibility and accountability toward their users, so a fix is due; for personal laptops/PCs the threat is toward the owners themselves (activists, diplomats, journalists, etc.). The latter do not buy second-hand equipment, and if the firmware is compromised while they own it, they are already in danger.
You are assuming activists are well funded in some way, and that they are not repressed.
This obviously has a benefit for consumer usage too, same as encryption. You’re basically saying consumers don’t need any kind of antivirus either, because it’s not that critical.
This vuln should have been fixed for consumer hardware too, because it basically permanently taints all hardware that is vulnerable to it. And what makes it so hard to release patches for consumer hardware, when patches were already made for the same generations of enterprise hardware? Basically the majority of the work has been done already.