[coreboot] LinuxBIOS/coreboot and security

Philipp Marek philipp at marek.priv.at
Wed Jan 30 18:21:55 CET 2008

On Wednesday 30 January 2008 Corey Osgood wrote:
> Ok, I'm not going to get too far into this, because I'm no real security
> expert, but:
> I think what he was trying to say is that if you give coreboot, say, a FILO
> payload set up to boot from some medium, with no support for any other
> medium, then there's no switch you can throw, short of flashing a new bios
> onto the board. You can do the same thing with a linux kernel, use that to
> unconditionally kexec to a specific medium, or with large enough flash, you
> could store the entire kernel in flash.
OK, that's a possible way..

Although for development and support it might be good to be able to boot from 
other media; that would have to be password-protected (per-machine), and then 
I'm back where I started.

  [ And having different images for development and release is not what I'd
    like, TBH. ]

But it's surely something to think about.

Thank you!



Versioning your /etc, /home or even your whole installation?
             Try fsvs (fsvs.tigris.org)!

More information about the coreboot mailing list