On Mon, 9 Dec 2019 09:08:35 -0800 Seth Rosenblatt <[email protected]> wrote:
> I wasn't able to find the security@ alias, otherwise would've emailed > y'all there. I didn't hear back before publication but happy to make > any corrections if needed. I'm also willing to include a statement > from Coreboot if you want to send one over. Note that I cannot speak for Coreboot. Here I want to point out that security is relative to a threat model. The fact that the boot software (Coreboot, u-boot, etc) can be replaced by users is crucial for freedom. I wouldn't want to use a computer which boot software is signed in a way that prevent users from replacing it, as that would be an attack on freedom. That attack would also be a security issue as well for me as the device manufacturer is part of my threat model. I wouldn't feel safe in a jail either. Denis.
pgpMHeyNOtI3J.pgp
Description: OpenPGP digital signature
_______________________________________________ coreboot mailing list -- [email protected] To unsubscribe send an email to [email protected]
