Difference between revisions of "Security"

From coreboot
Jump to: navigation, search
(Updated most wanted security features)
Line 2: Line 2:
  
 
<div style="color:red">This page is work in progress!</div>
 
<div style="color:red">This page is work in progress!</div>
 +
 +
== Common security features ==
 +
 +
* Boot password (like BIOS password)
 +
* RAM wiping after each boot
 +
* Signature verification - to boot from payload only signing images
 +
* Support to encrypted block devices/volumes
  
 
== RAM wiping ==
 
== RAM wiping ==

Revision as of 15:11, 15 May 2010

This page explains how coreboot can help with various security aspects of your system, compared to closed-source, legacy BIOS/EFI/firmware implementations.

This page is work in progress!

Common security features

  • Boot password (like BIOS password)
  • RAM wiping after each boot
  • Signature verification - to boot from payload only signing images
  • Support to encrypted block devices/volumes

RAM wiping

SMI issues

ATA issues

BIOS password feature

  • Bayou / coreinfo based "BIOS password" feature, using SHA-1 hashes stored in NVRAM or the (flash) ROM chip.

Firewire issues

TPM issues