[coreboot] we've always known this was possible and hence never bothered to do it but ...
btrotter at gmail.com
Tue May 13 13:11:03 CEST 2008
On Tue, May 13, 2008 at 12:47 AM, ron minnich <rminnich at gmail.com> wrote:
> On Sun, May 11, 2008 at 11:49 PM, Brendan Trotter <btrotter at gmail.com> wrote:
> So, to say the least, I don't accept your argument that open source
> BIOS is somehow more "hacker" friendly, unless you mean in the 1980s
> sense of the word: the lonely guy in the basement. That model is long
> dead. Hackers now are well financed and rich in tools and experience.
> Binary is not an impediment to them. Binary is an impediment to those
> of us who want security.
How long would it take you to add some code to coreboot that displays
the string "Hello world"? How long would it take you to add some code
to a proprietary BIOS that displays the string "Hello world"?
After you've measured how long it takes, give both modified binaries
and both original binaries to your Grandparents (who I assume are
normal people, without programming experience), and find out how long
it takes them to figure out which binaries are the unmodified
originals (without your help).
Of course this is just a silly side issue. The main reason for my post
was to highlight your hypocrisy - "Everyone look! Some propretory BIOS
has an SMM related vulnerability! The world, sooner or later, is going
to get the message :-)". It's like a morbidly obese person laughing at
how large a slightly chubby person is, or a heroin dealer complaining
that alcohol should be banned because it's bad for your health. Not
that SMM vulnerabilities are the only security holes in coreboot (you
might want to do a web search for "blue pill" and consider
implementing an "enable/disable VMX" option somewhere).
More information about the coreboot