With all this scare about bad USB, is there a way to make a USB device that can detect a change i...

[G+_Nathan Dixon]

With all this scare about bad USB, is there a way to make a USB device that can detect a change in the firmware. The idea is to make a device that can detect if it's firmware change like a canary in a coal mine. This device could be plugged into a Raspberry Pi or other throw away/easily rebuilt machine,  the last step would be making it resettable/able to clear and re-flash its firmware. 

[G+_Ben Reese]

I think the solution will be to have your system download the firmware from the USB device then compare it to a DB of known firmwares for that device. Assuming the firmware is small enough, it could be copied and scanned before the system accepts it.

[G+_Nathan Dixon]

Ben Reese To really work, it would have to be USB based, standard hardware cannot see the memory/device behind the controller.

[G+_Fr. Robert Ballecer, SJ]

The OS cannot download the firmware from the USB device. It can request a firmware version from the controller, but it cannot see past controller. That's why this is a "zero visibility" problem.

 

If the firmware is owned, then the controller is owned, which means you can't trust anything the controller reports to the OS.

[G+_Ben Reese]

Ah. I took it that different chips required different levels of connectivity to access the firmware. Some requiring direct JTAG access to the board, some with JTAG access through the USB connection, and some that could be programmed over standard USB.

 

I know it's not realistic to open each device to connect wires to the board, but it seems reasonable to expect some sort of secure USB hub to come to the market someday.