请问HN:硬件Nano KVM的安全性
大家好,我正在关注这个产品:[Sipeed NanoKVM-USB](https://wiki.sipeed.com/hardware/en/kvm/NanoKVM_USB/development.html)。<p>这个产品非常符合我的需求,但该公司在安全性方面的记录非常糟糕。[视频链接](https://www.youtube.com/watch?v=plJGZQ35Q6I)。<p>因此,我试图从一个完全偏执的角度来考虑这个问题。我能否使用这个设备并完全保护自己?<p>他们提供了客户端的源代码,所以这没问题,我可以阅读这段代码,重新编译,并确信它是完全安全的(我只是一个人,但我们假设这已经足够好)。<p>不过,我对固件方面有很大的疑虑。我对硬件方面不太熟悉,但那里可能存在安全问题吗?<p>制造这个设备的人声称“没有固件代码”。我不理解这个说法。有没有更有知识的人能解释一下这是什么意思,以及我该如何验证?<p>他们提供了一个链接来证实这个说法,但那个链接已经失效。<p>感谢任何见解!
查看原文
Hi all, I am looking at this product: [Sipeed NanoKVM-USB](https://wiki.sipeed.com/hardware/en/kvm/NanoKVM_USB/development.html).<p>It would work very well for my need, but the company has a [terrible track-record for security](https://www.youtube.com/watch?v=plJGZQ35Q6I).<p>So I am trying to approach it from a fully paranoid perspective. Can I use this device and protect myself fully from it?<p>They provide the source code for the client side. SO that's fine, I can read that code, recompile it, and convince myself it is fully safe (I am only human, but let's assume it's good enough).<p>I have strong doubts about the firmware side though. I am not familiar with the hardware side, but could there be any security issue there?<p>The guys making the device are claiming ["there is no firmware code"](https://github.com/sipeed/NanoKVM-USB/issues/5#issuecomment-2785035753). I do not understand that statement. Can anyone more knowledgeable shed some light as to what that means, and how I could verify it?<p>They point to a link to corroborate that claim, but the link is broken.<p>Thanks in advance for any insights!