1

Can a Raspberry Pi be firmware updated?...I have a feeling from the suggested questions I'm being offered, the answer is yes.

I'm actually asking this from a security perspective, not because I actually want/need to myself. To explain, I'm wanting to leave a Raspberry Pi in what I'd guess I'd call a semi-public/communal place, without it's mini-SD card inside - alternatively I'm thinking of using a USB stick to boot/run the Pi and taking the USB stick away with me instead.

I'm confident enough that it wouldn't get stolen, but my concern is the lack of BIOS-style password protection on the Pi. My worry is the potential for a malicious/spying firmware being installed on the Pi without me knowing about it, as I may occasionally use the Pi for logging in to email and the like.

How big are my concerns on this? Bad idea? Is there any way I can make the Pi more secure?

Thanks.

Improve this question
2
  • 3
    If someone has physical access to a device, there's nothing you can do to stop them "owning" it. This applies to Pis and AFAIK every other machine on the planet. Commented Nov 3, 2018 at 13:21
  • Thanks. Yes, I realize there's a risk with any device that's left unattended. Commented Nov 5, 2018 at 10:51

2 Answers 2

Reset to default
1

The firmware is on the SD Card (or other boot device) - the only code on the SOC is a minimal bootloader (which is fixed) to find the boot device.

It is possible to configure a network boot - this is one of the few (single bit) changes which can be made to the SOC. https://www.raspberrypi.org/documentation/hardware/raspberrypi/bootmodes/

Improve this answer
1
  • Yes, me not knowing a massive amount about the PI's hardware, the reason I was thinking there wasn't a "traditional" firmware was I was recently looking at setting up the Pi to boot from USB, and read you needed to set a similar bit, and that couldn't be reversed afterwards. Thanks. Commented Nov 5, 2018 at 10:45
0

The Pi itself has no changeable firmware, so as @Milliways suggests there is no risk of someone changing its "BIOS".

However there is nothing to stop someone replacing the Pi with a machine which isn't a Pi but looks like a Pi to you. If you then inserted your SD card or USB stick that machine could do anything it wanted with your data.

Improve this answer
1
  • Yes, I see your point. Thankfully that would probably take a fair amount of effort and resources, unless there's already clones out there. I'm actually pretty reassured from what I'm reading, and it's probably a far safer piece of kit to "leave lying around" than say, a traditional PC, or many other devices. Commented Nov 5, 2018 at 10:49

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.