Security

From coreboot
Revision as of 15:11, 15 May 2010 by XVilka (talk | contribs) (Updated most wanted security features)
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

The wiki is being retired!

Documentation is now handled by the same processes we use for code: Add something to the Documentation/ directory in the coreboot repo, and it will be rendered to https://doc.coreboot.org/. Contributions welcome!

This page explains how coreboot can help with various security aspects of your system, compared to closed-source, legacy BIOS/EFI/firmware implementations.

This page is work in progress!

Common security features

  • Boot password (like BIOS password)
  • RAM wiping after each boot
  • Signature verification - to boot from payload only signing images
  • Support to encrypted block devices/volumes

RAM wiping

SMI issues

ATA issues

BIOS password feature

  • Bayou / coreinfo based "BIOS password" feature, using SHA-1 hashes stored in NVRAM or the (flash) ROM chip.

Firewire issues

TPM issues