Wii U SDBoot1 Exploit “paid the beak”

Having spent a while working in embedded and learning that this is not a lesson that's been internalised: this is why you never sign any executable that can boot on shipped hardware unless you'd be ok with everyone running it on shipped hardware. You can not promise it will not leak. You can not promise all copies will be destroyed. If it needs to run on production hardware then you should have some per-device mechanism for one-off signatures, and if it doesn't then it should either be unsigned (if fusing secure boot happens late) or have the signature invalidated as the last thing that happens before the device is put in the box.

A lot of companies do not appear to understand this. A lot of devices with silicon-level secure boot can be circumvented with signed images that have just never (officially) been distributed to the public, and anyone relying on their security is actually relying on vendors never accidentally trashing a drive containing one. In this case Nintendo (or a contractor) utterly failed to destroy media in the way they were presumably supposed to, but it would have been better to have never existed in this form in the first place.

Indeed, having done the whole developement/test/manufacturing workflow using hardware based secure boot , I realized likely very few people ever do it properly.

We had developer keys and production keys. Burning one-time fuses with the production key meant developer code would be rejected.

It took a high amount of discipline and a lot of work in the build process (separate developer/production builds of components and corresponding signing).

Very few people had access to the production signing mechanism and I avoided signing root enabled builds, even though such would be extremely convenient. Other teams… freely published production signed internal use developer firmware internally (to the whole company).

Sadly, nobody gets an award for doing it right, and rarely face consequences for doing it wrong.