Yes, the hardware verification is there. I confused it with how and where the keys are stored. On the XBOX360 the keys are on the die, which is why you cannot extract them by means of a software exploit. The PS3 does not store the keys on the die.
The presentation complements the slides. You might want to take a look, as the slides alone tell only part of the story.
Yeah, I had a look last night and it clarified some things.
If I understand this correctly, the one loader bootstrapping the system cannot be updated, and because the private key it uses has been recovered, it is possible to replace the code the bootstrap loader will load.
This is apparently what the situation is presented as. However, it is worth pointing out that at the time of the conference this was not exactly so, because they hadn't compromised metldr at that time. Actually, what they said then was that a non-revocable downgrade method exists, which if true (and before I quit, I was actually working on one myself so I believe it is not impossible for one to exist!), does mean unlimited homebrew on all currently extant PS3s. It does not necessarily mean unlimited piracy (because new games could require a new firmware with new keys and whitelist to block the old compromised ones), but this situation would actually be quite nice.

But the claim that it's impossible to even securely upgrade the firmware relies on whether metldr really cannot be updated. As far as I can tell, they claim that it can't be updated because it's being signed and encrypted with the per-console hardware keys, and how could Sony release an update encrypted with the right unique keys? Well, even one of their members acknowledged that Sony can do it if they happen to have a database of the hardware keys mapped to e.g. serial number or something. But even if Sony doesn't have that, I still say wait and see, because even if I, or even the talented hackers of fail0verflow, are unable to realize how Sony could counter this, that's an argument from ignorance. Similar circumstances existed on the PSP, and although the argument for Sony being screwed then seemed reasonable at first, it turned out somewhat differently when they managed to scrounge up a new secret key that put them back in control. Actually they managed to do this twice, the second time even when their hardware key had been compromised!
But I'm certainly not saying that Sony definitely will be able to pull such a rabbit out of the hat with the PS3, and if history is anything to judge by, even if they do, it might well be just a stopgap measure (especially considering the sorry state of the PS3 security model in reality rather than on paper), but somehow Sony seems to be quite a bit clever in actually getting the horses back in the barn. Or at least they seem to be more clever in getting them back, than they are in making sure they never leave in the first place, hehehe
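The two posts above argue about what a firmware update can and cannot repair once the key held by an immutable bootstrap loader has been recovered, and whether a "new keys plus whitelist" firmware can still gate later stages. The following toy model of a verified boot chain is an added example written for this thread, not code from any poster or from the console; HMAC-SHA256 stands in for the real asymmetric signatures, and all stage names, images and keys are constructed. It shows that a revocation list shipped in an updatable stage blocks images one stage further on, while the fixed first stage keeps accepting anything signed under its delegated key.

```python
"""Toy verified-boot chain with an immutable first stage (constructed example)."""
import hashlib
import hmac
from dataclasses import dataclass, replace


def sign(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the asymmetric signature a real loader checks.
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(key: bytes, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), sig)


def image_hash(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes
    next_key: bytes                   # key this stage uses to check the stage after it
    revoked: frozenset = frozenset()  # image hashes this stage refuses to hand control to
    sig: bytes = b""                  # signature by the previous stage's key over payload()

    def payload(self) -> bytes:
        # Everything the signer vouches for: code, delegated key and revocation list.
        rev = ",".join(sorted(self.revoked)).encode()
        return b"|".join([self.image, self.next_key, rev])


def make_stage(signing_key: bytes, name: str, image: bytes, next_key: bytes, revoked=()) -> Stage:
    stage = Stage(name, image, next_key, frozenset(revoked))
    return replace(stage, sig=sign(signing_key, stage.payload()))


def boot(root_key: bytes, chain: list) -> list:
    """Walk the chain from the root; return the names of the stages that ran."""
    key, revoked, ran = root_key, frozenset(), []
    for stage in chain:
        if image_hash(stage.image) in revoked or not verify(key, stage.payload(), stage.sig):
            break  # refuse to run this stage and everything after it
        ran.append(stage.name)
        key, revoked = stage.next_key, stage.revoked
    return ran


# Constructed keys. The root key sits in silicon and the loader it verifies is
# never updated, so LOADER_KEY and the loader's empty revocation list are fixed
# for the life of the console in this model.
ROOT_KEY = b"root-key-in-silicon"
LOADER_KEY = b"loader-delegated-key"
APP_KEY_V1 = b"app-key-v1"
APP_KEY_V2 = b"app-key-v2"

LOADER = make_stage(ROOT_KEY, "loader", b"bootstrap loader image", LOADER_KEY)
OLD_APP = make_stage(APP_KEY_V1, "app", b"app built for firmware v1", b"")


def old_firmware_chain() -> list:
    fw = make_stage(LOADER_KEY, "firmware", b"firmware v1", APP_KEY_V1)
    return boot(ROOT_KEY, [LOADER, fw, OLD_APP])


def updated_firmware_chain() -> list:
    # A firmware update can rotate the app key and carry a revocation list, so an
    # image signed under the old key is refused one stage above the loader.
    fw = make_stage(LOADER_KEY, "firmware", b"firmware v2", APP_KEY_V2,
                    revoked={image_hash(OLD_APP.image)})
    return boot(ROOT_KEY, [LOADER, fw, OLD_APP])


def chain_after_loader_key_recovery() -> list:
    # Once LOADER_KEY is known, any firmware image signed with it passes the
    # loader's check; no revocation list in a later stage reaches back here,
    # because the loader and its key cannot be updated.
    fw = make_stage(LOADER_KEY, "firmware", b"firmware not from the vendor", b"third-party-key")
    app = make_stage(b"third-party-key", "app", b"app signed under the third-party key", b"")
    return boot(ROOT_KEY, [LOADER, fw, app])
```

The revocation field is a blocklist; a whitelist as mentioned in the thread has the same structural property, since either list lives in the updatable stage and only governs what that stage hands control to. Whether the real console's first stage can be re-keyed is exactly the open question the posters disagree on; the model only makes the consequence of each answer concrete.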

The use of the 'C' programming language made the security architecture vulnerable. But even then the vulnerability ought to have had limited impact. As you wrote, the overall design is strange, and how certain parts are implemented (the 27C3 presentation raises questions about encrypted storage, and how the hypervisor design is unsuitable as a security measure) make you wonder how it was designed and reviewed.
It probably was not independently reviewed.
Yes. I think people really overestimate the importance of security to these companies. Geohot, for example, claimed that he was able to defeat Sony's billions of dollars spent on PS3 security. A good ego stroke perhaps, but that dollar claim doesn't have anything to do with reality.

Heh, with the PSP, they originally even forgot to turn on their security scheme! Yeah, that's right, the first PSPs would happily ignore all the authentication mechanisms and run any old unsigned code, straight out of the box! I'm pretty sure billions of dollars were not spent on that either.
