demomantf2, 4 months ago

@Rairii the latter thing reminds me of when nintendo bricked a bunch of wiis because they tried to update boot2 and didn't test it 💀

Rairii, 4 months ago

@demomantf2 ES_ImportBoot was tested a lot on devkits, broadon eventually fixed the bug at some point

but they never really did network updates much (the majority of devkits were updated via wads on dev-signed update .isos), and without haxx there was no way to know if you were running a buggy ES until it was too late

jernej__s, 4 months ago

@Rairii On one hand, it's completely expected. On the other hand, how do you manage to do that‽

Rairii, 4 months ago

@jernej__s by deleting the only copy

and for the "broken db update" thing:

"why would we ever need to test that"

Rairii, 4 months ago

@jernej__s watching the actual talk and they mention "OEM's PK expired so they can't sign anything with it"

hahaha, just patch your signing tools to ignore expiry date, people have done that already, surely that would work in some of those cases

(do HSMs care on the hardware about expiry date? it's my understanding that they wouldn't have the actual x509 cert, just the keypair of which the privkey can only be used to sign stuff?)

jernej__s, 4 months ago

@Rairii Ah, the certificates were only issued for a 10-year period, so we're seeing the fallout of that now.