Certificates don't "expire" the way say, milk expires. An expired certificate is just as valid the day after its expiration as it was the day before, and a signature that was made with the certificate is still just as trustworthy. Certificate expiration is just an indication that the organization that issued it wants more money to keep saying that it's valid. I'd have some concern if new firmware was being signed with an old certificate since there's been more time for an old certificate to find its way into the hands of a bad actor, but the company managing the expiration dates isn't in the business of tracking who currently possesses it so I don't really see much reason to pay attention to what they say about the date.
Obviously certificates do expire. The idea is that it is difficult to keep a key secret so the period of time you can use it is limited. After that period you have to get a new certificate, and you should use a new key for that.
Ideally, a chain of ongoing trust signs that a validation occurred before the cert expired. For example, the owner of a laptop could sign an initial validation and continue to trust the firmware was authentic and not backdated after perhaps the original certificate expired and then its key length gradually became factorable.
It is rather hard to handle code signing and backdating problems purely in software without either removing the benefit of expiration or requiring someone to go sign for the legitimacy of a lot of things they only sort of trust. This has been comming up a lot with git signing and key lifetimes too.
I don't understand that. If the owner of the laptop approve by an initial validation, then he could as well approve by accepting unsigned binaries? Having a cert which cannot be validated seems more or less the same to me as having no cert. All the usual caveats apply: vendor loses signing key after expiration, etc... Vetting which firmware is safe is exactly the responsibility the end user didn't want to have to begin with.
And if the owner doesn't get that power from whoever designs the OS, it makes a reinstall of the device impossible.
The only way out I see apart from never expiring the certs is having a central third party vet the signature ('Yes, this binary with this signature was in our storage before the expiry.') A microsoft update or debian firmware repository could assume that role. But then you are depending on a third party for hardware you own yourself, and if they would rather have you upgrade, you're toast.
Where the certificate is just bogus, like it says "Test" or "Do not use" on it, and that's not a joke (TPPI which stands for "Test Pack Please Ignore" genuinely is one of the more famous Minecraft modpacks so, you know...) then you're correct that all bets are off.
But, where certificates expire the whole _point_ of a code signing or document signing system that makes it different from the Web PKI (certificates for stuff that speaks TLS) is that it makes use of Time Stamping, ala RFC 3161.
The Time Stamping services don't know anything about anything, except they promise to make signed documents saying they saw a particular bit-string (a hash) at a specific moment in time. Timestamps.
And it turns out that this (if you trust any Time Stamping service to know what the time is and not be corrupt) is enough to bootstrap a completely acceptable code signing system where even though the certificate expired in say, January 2017 you can trust that it was valid in March 2015 when its keys were used to sign some code, so therefore the code is still good.
The Certificate Transparency system does a lot MORE than this, but that only makes sense when we want transparency, proprietary vendors mostly do NOT want transparency.
I start to see how this works. There is a third party, but they intervene at signing time and not at validation time.
In detail: You create a hash of your executable and send it to the third party, the TSS. They sign the hash, and never even need to see the actual executable. As long as the end user trusts the third party's cert, the TSS can guarantee the executable existed in its current shape on the date you claim it existed. A kind of notary service.
For who wants to know more: Here is a Java article detailling how this works for Java, and what happens if the TSS cert itself expires
Interesting, I really hope results are caused by people testing weird stuff. But like the author says, and I too, would be worried if it is because of manufacturer neglect. And they should probably be outed.
This is kinda what I would expect. If people can get away without valid certificates they will. Before Lets Encrypt I would find that every "intranet" site I used would have a cert expire every year. The people who run these are cheap fk's and use LE because they don't have to pay.
It may be true that TLS x.509 PKI is broken in the context of embedded devices, sure. But that's not the problem being discussed here.
The first problem is that certs used to sign a lot of firmware seem to be test certs.
The second problem is that (unless the OP misunderstands firmware signing) a lot of the certs were expired at the time the firmware was signed.
All in all this just seems like something that should be enforced through a standards body. Like, to get FCC or customs approval, or some other checkmark that allows selling your product, show that all your software was signed properly.
