[coreboot] Dead links - missing information?

Karl Schmidt karl at xtronics.com
Wed Aug 5 23:42:59 CET 2015


On 08/05/2015 01:15 PM, Timothy Pearson wrote:
> The climate has changed drastically.  I ported coreboot to the ASUS
> KFSN4-DRE and KGPE-D16 boards for the same reason (secure computing),
> but I think x86 is now end of line for this task given that AMD is
> building a mandatory Platform Security Processor (PSP) into the next
> generation of Opterons, and that Intel has been forcing the Management
> Engine (ME) down everyone's throats.

My understanding of what is going on - it is claimed that this is about DRM, but that doesn't seem 
true, as there have to be a lot of people who are also interested in keeping things secure for 
business reasons.  Having a supervising closed-source OS obviously makes things less secure (just 
the added complexity opens a bunch of attack vectors).

My hunch, from having managed and worked with EEs and programmers who are smarter than me - these 
guys have one flaw - they think there is no one else who can see what they see and find the 
flaws (or back-doors, depending on who you ask). (I can imagine other countries have high-level 
automated disassembly capabilities that remain unpublished.)

So I think that the people who have to keep secrets in government either have totally different 
hardware, or our national security is totally exposed due to incompetence (I think the latter).

I'm at the point where I think the lack of physical write-protect on hard-drive BIOS, the BIOSes of 
USB drives, microcode, etc. is probably purposeful - instead of getting closer to a system that is 
user-auditable, we are headed in the opposite direction.

I'm an aging assembly programmer/hardware guy, among other things - I understand what actually 
happens in these chips - but I think the folks who are steering this ship just might be dangerously 
clueless. If we can't build truly secure business platforms, there is a real risk of a business 
collapse. We can air-gap design/production computers at a huge cost, but computers where people 
exchange money, by definition, can't be disconnected.


> We are currently exploring migrating to IBM POWER8 in our next upgrade
> cycle.  The hardware is expensive, but is at least as powerful as Intel
> and much more secure.

Might need to head to FPGA based processors instead.


-- 
--------------------------------------------------------------------------------
Link to our website and get free US-48 shipping on your next order.

Karl Schmidt                                  EMail Karl at xtronics.com
Transtronics, Inc.                              WEB https://secure.transtronics.com
3209 West 9th Street                             Ph (785) 841-3089
Lawrence, KS 66049                              FAX (785) 841-3089

A bad analogy is like a leaky screwdriver.
--------------------------------------------------------------------------------