Difference between revisions of "Security"

From coreboot
(Improved formatting)
(Common security features)
Line 10: Line 10:
 
* Support to encrypted block devices/volumes
 
* Support to encrypted block devices/volumes
  
[[Bayou]] / [[coreinfo]] based "BIOS password" feature, using SHA-1 hashes stored in NVRAM or the (flash) ROM chip.
+
[[Bayou]] / [[coreinfo]] have "BIOS password"-like feature, using SHA-1 hashes stored in NVRAM or the (flash) ROM chip.
  
 
Coreboot can be full-secure solution for your hardware, without this issues, which have "legacy" BIOS:
 
Coreboot can be full-secure solution for your hardware, without this issues, which have "legacy" BIOS:
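
Review bot: The reworded line, `have "BIOS password"-like feature`, is missing an article; suggest `Bayou / coreinfo have a "BIOS password"-like feature`. The sentence also leaves undocumented when the SHA-1 hashes go to NVRAM and when to the flash ROM chip, and whether they are salted. A reader evaluating the feature would want both stated. The unchanged context lines could be fixed in the same edit: "Support to encrypted" should read "Support for encrypted", and "full-secure solution ... without this issues" should read "a fully secure solution ... without these issues".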

Revision as of 15:15, 15 May 2010

This page explains how coreboot can help with various security aspects of your system, compared to closed-source, legacy BIOS/EFI/firmware implementations.

This page is a work in progress!

Common security features

  • Boot password (like BIOS password)
  • RAM wiping after each boot
  • Signature verification - so that the payload boots only signed images
  • Support for encrypted block devices/volumes

Bayou / coreinfo have a "BIOS password"-like feature, using SHA-1 hashes stored in NVRAM or the (flash) ROM chip.

Coreboot can be a fully secure solution for your hardware, without the following issues that "legacy" BIOS implementations have:

Current BIOS issues

RAM wiping

SMI issues

ATA issues

Firewire issues

TPM issues