[coreboot] BadBIOS Thoughts

David Hendricks david.hendricks at gmail.com
Mon Nov 4 06:47:13 CET 2013


On Sun, Nov 3, 2013 at 11:47 AM, Alex <mr.nuke.me at gmail.com> wrote:

> On 11/02/2013 01:57 PM, ron minnich wrote:
>
>> [...] If you really want a system you
>> can trust a bit more, get a Chromebook. The amount of work done in
>> Chromebooks to protect it is extensive and extends beyond the 386
>> firmware to the ME and the EC and even aspects of the IO devices.
>
> I'm sorry Ron, but you're just asking me to take your word for it. I
> can't do that. There's more secret code running on a Chromebook's firmware
> than there is free code. In fact, I would argue, most code where attack
> vectors could hide is secret. It's a fool's paradise.


Not true on the ARM Chromebook products. And just 'cuz the system agent
blob on Intel systems is a real porker doesn't diminish the role of free
software running underneath the sheets. At least with Coreboot you still
get insight into the code flow, SMM handlers, how devices are set up and
what they're allowed to load, etc. Plus the things that *aren't* there like
potentially exploitable runtime module loading and runtime services.

Anyway, if you can find more open Intel-based systems* I'd like to see 'em.

*Before anyone suggests Minnowboard, don't. The pile of
restrictively-licensed binary blobs necessary to boot those things rules
them out.