On Thu, Feb 11, 2016 at 8:20 PM Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> Sean Lynch <seanl@literati.org> writes:
>> I'm not talking about raw size or complexity here; obviously having lots of features and support for lots of devices means high complexity, but it doesn't require that all that complexity run with full system privileges.
> XKCD is, as usual, most apropos here:
> A huge amount of embedded stuff doesn't even have a kernel mode, because it's irrelevant (or, if the hardware does actually support two different modes, everything is run in the highest-priv'd mode). Either the system is robust/secure/reliable or it isn't; whether there's a kernel/user split is irrelevant.
Obviously on a device with no MMU or supervisor mode everything running on it is your trusted computing base. Security is not binary.