Started by Mine, January 27, 2015, 06:03:01 PM

Previous topic - Next topic



Coreboot FTW! Safe, "simple" and speedy!

But some question are still open:
a) SMM support? Is it needed? Or could one build a computer without that NSA-ish backdoor?
b) Which payload? Does it make sense to have a user interface for some basic configuation at low level, say e.g. SeaBIOS? Some OSs actually still expect a BIOS (or at least some API/ABI) of that kind to be present. Iirc. some Beasties need it and Windows. So if some people would like to use a dual boot one might have to provide a payload option.
c) How often would we need updating a payload?
1. flash write cycles and lifetime
2. how complicated will it be?
So one could payload SeaBIOS plus a bootloader, if that does not need to be updated weekly cause of security flaws or bugs. Even a kernel? I update kernels relatively often (Gentoo rolling release, and AMD APUs/GPUs on free driver stack so using recent kernels makes sense to me :) ). Writing monthly or more often to the chip might destroy it. So maybe no kernel?
Also depends on the size of the flash memory, of course.

OMG, would a modern Windows (in case somebody would really want to hurt him/herself with W8) even require UEFI functions?

Another question added: What about AGESA? I know AMD is nice and would likely give the newest blob to any Coreboot development. But: it still is a blob and recently on the CCC (chaos communication congress 2014) some Czech hacker had a talk about some security issues he found in the code. AMD fixed it, but of course it will takes ages for mainboard vendors / UEFI- or BIOSmakers to implement and deliver to the end user.


Just having read about "Equation Group" the importance of free as in freedom firmware cannot be stressed enough. Something hidden in firmware is always a problem, like the mentioned SMM. Transparent to the OS (and also any malware protection means) this can do things on the computer with more than root rights. Also, with the implementation of a network stack in UEFI it is able to send data and receive further commands remotely.