When considering automotive IoT, it’s logical to focus on the supply chain that makes the car possible. In reviewing the application of key management to the automotive IoT landscape, it becomes apparent that the provenance of car components, from tires to telematics, is absolutely critical. Any poorly-built component can cause a systemic failure of the vehicle delivered to the consumer. When one typically thinks of applying encryption, it is focused on protecting the confidentiality of data at rest, in motion, or even while being processed. However, what about measuring whether the data should be trusted instead how whether it needs to be protected?
Starting in late December, the Linux kernel development lists started buzzing about some commits going into the kernel without the usual documentation that adjoins such code changes. When an AMD developer added some code on December 26th with the following comment, security researchers started zeroing in on the problem: