[coreboot] LinuxBIOS/coreboot and security
philipp at marek.priv.at
Wed Jan 30 18:21:55 CET 2008
On Wednesday 30 January 2008 Corey Osgood wrote:
> Ok, I'm not going to get too far into this, because I'm no real security
> expert, but:
> I think what he was trying to say is that if you give coreboot, say, a FILO
> payload set up to boot from some medium, with no support for any other
> medium, then there's no switch you can throw, short of flashing a new bios
> onto the board. You can do the same thing with a linux kernel, use that to
> unconditionally kexec to a specific medium, or with large enough flash, you
> could store the entire kernel in flash.
OK, that's a possible way..
Although for development and support it might be good to be able to boot from
other media; that would have to be password-protected (per-machine), and then
I'm back where I started.
[ And having different images for development and release is not what I'd
like, TBH. ]
But it's surely something to think about.
Versioning your /etc, /home or even your whole installation?
Try fsvs (fsvs.tigris.org)!
More information about the coreboot