[coreboot] BadBIOS Thoughts

ron minnich rminnich at gmail.com
Sat Nov 2 19:57:26 CET 2013


I suspect people are learning how to exploit EFI's immense attack
surface. Unless it's a successful exploit of the ME, known to be
achieved more than once already.

The entire PC ecosystem is a giant accident waiting to happen. I'm
always surprised to find that people install Linux so they can "have
control" of the system. Changing the kernel no longer gets you the
amount of control it once did. If they knew how little control they
have they'd really be upset. It's not 1999 any more. It's 2013 and the
kernel is walled in by constantly running code on the same or other
processors (there are at least 4 other OSes running on the average PC
nowadays, all capable of doing bad things) that provide it an illusion
of control but not complete control. If you really want a system you
can trust a bit more, get a Chromebook. The amount of work done in
Chromebooks to protect it is extensive and extends beyond the 386
firmware to the ME and the EC and even aspects of the IO devices.

ron



More information about the coreboot mailing list