Exciting news from the team at Qubes: https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/
> Another important requirement we’re introducing today is that
> Qubes-certified hardware should run only open-source boot firmware
> (aka "the BIOS"), such as coreboot. The only exception is the use of
> (properly authenticated) CPU-vendor-provided blobs for silicon and
> memory initialization (see Intel FSP) as well as other internal
> operations (see Intel ME). However, we specifically require all code
> used for and dealing with the System Management Mode (SMM) to be
> open-source.
>
> While we well recognize the potential problems that proprietary
> CPU-vendor code can cause, we are also pragmatic enough to realize
> that we need to take smaller steps first, before we can implement
> even stronger countermeasures such as the stateless laptop I
> proposed a few months ago. A switch to open source boot firmware is
> one such very important step on this roadmap.
>
> Of course, to be compatible with Qubes OS, the BIOS must properly
> expose all the VT-x, VT-d, and SLAT functionality that the
> underlying hardware offers (and which we require). Among other
> things, this implies proper DMAR ACPI table construction.

-- Trammell

-- 
coreboot mailing list: coreboot@coreboot.org
https://www.coreboot.org/mailman/listinfo/coreboot
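The last quoted paragraph ties Qubes compatibility to the firmware exposing VT-d through a well-formed DMAR ACPI table. As an added example (not code from Qubes, coreboot, or the Qubes certification process), the script below parses a DMAR table and applies the basic sanity checks a practitioner would run against firmware: correct signature, length field matching the table size, zero ACPI checksum, and at least one DRHD (DMA remapping hardware unit) entry. The table it parses by default is a constructed sample built in `build_sample_dmar`; the OEM strings, register base and address width in it are made-up values. `firmware_dmar_ok` is a hypothetical helper that reads the live table from the Linux sysfs path when it exists.

```python
import struct
from pathlib import Path
from typing import Optional

# Fixed ACPI layouts (little-endian), as in the ACPI and VT-d specifications.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # 36-byte common ACPI table header
DMAR_FIXED = struct.Struct("<BB10s")           # host address width, flags, reserved
REMAP_HDR = struct.Struct("<HH")               # remapping structure: type, length
DRHD_BODY = struct.Struct("<BBHQ")             # flags, reserved, PCI segment, register base
DRHD = 0                                       # remapping structure type for a DRHD entry
CHECKSUM_OFFSET = 9                            # signature(4) + length(4) + revision(1)


def acpi_checksum(blob: bytes) -> int:
    """ACPI tables are valid when all bytes sum to zero modulo 256."""
    return sum(blob) & 0xFF


def build_sample_dmar(with_drhd: bool = True) -> bytes:
    """Constructed sample DMAR table (made-up values, not real firmware data)."""
    body = DMAR_FIXED.pack(38, 0x01, b"\x00" * 10)  # HAW field 38 -> 39-bit, INTR_REMAP set
    if with_drhd:
        drhd = DRHD_BODY.pack(1, 0, 0, 0xFED90000)  # INCLUDE_PCI_ALL, segment 0, sample base
        body += REMAP_HDR.pack(DRHD, REMAP_HDR.size + len(drhd)) + drhd
    length = ACPI_HEADER.size + len(body)
    hdr = ACPI_HEADER.pack(b"DMAR", length, 1, 0, b"EXAMPL", b"SAMPLE  ", 1, b"EXMP", 1)
    table = bytearray(hdr + body)
    table[CHECKSUM_OFFSET] = (-sum(table)) & 0xFF  # make the whole table sum to zero
    return bytes(table)


def parse_dmar(blob: bytes) -> dict:
    """Validate the table and return its address width, flags and DRHD units."""
    if len(blob) < ACPI_HEADER.size + DMAR_FIXED.size:
        raise ValueError("table too short for a DMAR header")
    sig, length, _rev, _csum, oemid, _oemtid, _oemrev, _cid, _crev = ACPI_HEADER.unpack_from(blob, 0)
    if sig != b"DMAR":
        raise ValueError(f"bad signature {sig!r}")
    if length != len(blob):
        raise ValueError(f"length field {length} does not match table size {len(blob)}")
    if acpi_checksum(blob) != 0:
        raise ValueError("ACPI checksum mismatch")
    haw, flags, _reserved = DMAR_FIXED.unpack_from(blob, ACPI_HEADER.size)
    units = []
    off = ACPI_HEADER.size + DMAR_FIXED.size
    while off < length:
        rtype, rlen = REMAP_HDR.unpack_from(blob, off)
        # A structure shorter than its header or running past the table is corrupt.
        if rlen < REMAP_HDR.size or off + rlen > length:
            raise ValueError(f"malformed remapping structure at offset {off}")
        if rtype == DRHD:
            dflags, _r, segment, base = DRHD_BODY.unpack_from(blob, off + REMAP_HDR.size)
            units.append({"segment": segment, "base": base, "include_pci_all": bool(dflags & 1)})
        off += rlen  # other structure types (RMRR, ATSR, ...) are skipped, not validated
    return {
        "host_address_width": haw + 1,  # field encodes width minus one
        "intr_remap": bool(flags & 1),
        "oem_id": oemid.decode(errors="replace").strip(),
        "drhd": units,
    }


def dmar_ok(blob: bytes) -> bool:
    """True when the table parses cleanly and declares at least one remapping unit."""
    try:
        return len(parse_dmar(blob)["drhd"]) > 0
    except ValueError:
        return False


def firmware_dmar_ok(path: str = "/sys/firmware/acpi/tables/DMAR") -> Optional[bool]:
    """Check the running system's DMAR table; None when no table is exposed."""
    p = Path(path)
    if not p.exists():
        return None
    return dmar_ok(p.read_bytes())


if __name__ == "__main__":
    print(parse_dmar(build_sample_dmar()))
    print("live firmware DMAR:", firmware_dmar_ok())
```

On Linux the sysfs table file is readable only by root, so run the live check with appropriate privileges; a `None` result means the firmware exposed no DMAR table at all, which is the failure mode the quoted requirement is aimed at. The parser deliberately rejects tables whose length or checksum disagree with their contents rather than trying to salvage them.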