The Security Software uses a password to lock a certain region on the USB Flash Memory. This application software makes it impossible to see the content (data, files, etc.) in the locked region without supplying the password.
Nohl says he and Lell reached out to a Taiwanese USB device maker, whom he declines to name, and warned the company about their BadUSB research. Over a series of emails, the company repeatedly denied that the attack was possible. When WIRED contacted the USB Implementers Forum, a nonprofit corporation that oversees the USB standard, spokeswoman Liz Nardozza responded in a statement. “Consumers should always ensure their devices are from a trusted source and that only trusted sources interact with their devices,” she wrote. “Consumers safeguard their personal belongings and the same effort should be applied to protect themselves when it comes to technology.”
All keys (PK, and X509 keys in KEK and db) should be X509 CA keys (i.e. self-signed). The reason for this is that the platform will verify a key back to its root of trust. It is possible to provision a signature chain going back to the root of trust, but it’s not easy, so starting with self-signed CA certificates is easiest. Note that from the CA, you can issue signing keys, but those keys cannot themselves then be used to create subordinate signing keys because the intermediate trust certificate will be missing from the signing chain.