[coreboot] [PATCH] Stop putting useless or sensitive information in coreboot images

Aurélien footplus at gmail.com
Thu Oct 7 23:18:53 CEST 2010


On Thu, Oct 7, 2010 at 7:35 PM, Uwe Hermann <uwe at hermann-uwe.de> wrote:
> See patch.
>
> This is only build-tested, please carefully review if it might have
> impact on software that depends on the coreboot tables.
>

While I do agree that it would be nice to have an option to keep this
information from appearing in the final rom, I think that:

 - Usernames are not that sensitive, and can be used to track who
compiled a particular image in a small development team. This can be
useful. For a bigger company, i would expect a build bot username at
this place :)

 - You should never build anything on a non-development machine,
particularly on exposed hosts - so I hope to never cross a coreboot
rom built on "firewall1" :) I do get your point, however. For
origin-tracing purposes, an unqualified host name should be
sufficient, no need for the domain part. Development servers should be
on private LANs, so these names should not directly resolve from
outside. Yes, I know, should.

Best regards,
-- 
Aurélien Guillaume




More information about the coreboot mailing list