On 23.06.19 12:04, Hubert Ruch wrote:
On 6/23/19 12:00 PM, Stefan Reinauer via coreboot wrote:
Remember that the project was started by Los Alamos National Labs
(LANL), the guys that also brought you the Manhattan Project.
Contributions have also been made by the BSI (German version of the
NSA) and their contractors.
Thanks for the info. Didn't know that. Now, one has to wonder how many
skilled developers actually do read and understand their code.
Very few I assume. But for this particular contribution I can say that
it will be an optional feature. Actually, an optional security feature
for an optional feature (SMM). If you use your boot firmware to boot
and not to hide secrets or to provide any other added "security", you
are most likely safe :)
But due to this "optional" nature, I guess, there won't be many people
reading the code.
IIRC Leah
Rowe paid someone $90.000 for adding some code to LibreBoot. I'm
mentioning this because it leads to the assumption that boot coding must
be a pretty difficult task.
I do remember that too (roughly same number), but it wasn't about ad-
ding code but about releasing it under the GPL. Nobody was paid for
the review nor for improving the code during review. So it ended up
as probably the worst code in our repository, IMO.
However, I don't understand your conclusion. If somebody works for one
or two years on some code, they got to be paid. For the amount of code,
that number seemed reasonable to me.
Also, my very personal opinion: "boot coding" is not a difficult task.
Some vendors may try to make you think that it is, so nobody learns how
they do it. Others may make it hard by not providing the necessary docu-
mentation. Imagine you would want to write a compiler for x86 but its
instructions weren't documented? Does that make compiler development
hard per se? I don't think so.
Nico
_______________________________________________
coreboot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
