[coreboot] Dead links - missing information?
Karl Schmidt
karl at xtronics.com
Wed Aug 5 23:42:59 CET 2015
On 08/05/2015 01:15 PM, Timothy Pearson wrote:
> The climate has changed drastically. I ported coreboot to the ASUS
> KFSN4-DRE and KGPE-D16 boards for the same reason (secure computing),
> but I think x86 is now end of line for this task given that AMD is
> building a mandatory Platform Security Processor (PSP) into the next
> generation of Opterons, and that Intel has been forcing the Management
> Engine (ME) down everyone's throats.
My understanding of what is going on: it is claimed that this is about DRM, but that doesn't seem true, as there have to be a lot of people that are also interested in keeping things secure for business reasons. Having a supervising closed-source OS obviously makes things less secure (just the added complexity opens a bunch of attack vectors).
My hunch, from having managed and worked with EEs and programmers that are smarter than me, is that these guys have one flaw: they think there is no one else that can see what they see and find the flaws (or back-doors, depending on who you ask). (I can imagine other countries have high-level automated disassembly capabilities that remain unpublished.)
So I think that the people that have to keep secrets in government either have totally different hardware, or our national security is totally exposed due to incompetence (I think the latter).
I'm at the point where I think the lack of physical write-protect on hard-drive BIOS, the BIOSes of USB drives, microcode, etc. is probably purposeful - instead of getting closer to a system that is user-auditable, we are headed in the opposite direction.
I'm an aging assembly programmer/hardware guy, among other things - I understand what actually happens in these chips - but I think the folks that are steering this ship just might be dangerously clueless. If we can't build truly secure business platforms, there is a real risk of a business collapse. We can air-gap design and production computers at a huge cost, but computers where people exchange money, by definition, can't be disconnected.
> We are currently exploring migrating to IBM POWER8 in our next upgrade
> cycle. The hardware is expensive, but is at least as powerful as Intel
> and much more secure.
Might need to head to FPGA based processors instead.
--
--------------------------------------------------------------------------------
Link to our website and get free US-48 shipping on your next order.
Karl Schmidt EMail Karl at xtronics.com
Transtronics, Inc. WEB https://secure.transtronics.com
3209 West 9th Street Ph (785) 841-3089
Lawrence, KS 66049 FAX (785) 841-3089
A bad analogy is like a leaky screwdriver.
--------------------------------------------------------------------------------