On 9/28/18 1:30 AM, Peter Stuge wrote: > Youness Alaoui wrote: >> avoid any malware writing to the flash > > Just disallow flash writes by the platform. Allow flash writes only > by dedicated hardware (maybe ChromeEC?) which implements a simple and > efficient security protocol.
It's not as easy as you might think. You are looking forward to an additional flash chip at least because the ME needs direct access to a SPI flash (you could try to route that through the EC as well, but that would be everything but simple). Then your customers might ask for suspend-to-RAM, for which you need to cache memory-training data somewhere. You can't authenticate this data to the EC. That's solvable too, ofc. But there might be more pitfalls. And I'm not convinced that you'd end up with a simpler solution than your host firmware flipping a bit at the right point in time. > > Looking for a software solution is IMO like Intel trying to secure SMM. No matter if you run it on the EC or the host processor, it will be a software solution. You can make things simpler with a dedicated control- ler, right. But if you succeed still depends on the skills of software developers. ECs can be attacked too (especially if they have a host interface for software updates). Nico -- coreboot mailing list: [email protected] https://mail.coreboot.org/mailman/listinfo/coreboot
