On 9/1/15, Blibbet <[email protected]> wrote: > ... > I merely meant that BIOS didn't offer new security tech, that newer > firmware tech does. My point was that Verified coreboot is stronger than > Libreboot, and Ministry of Freedom could be using stronger open source > tech in their product than they currently do. Eg, coreboot has Verified > Boot mode, which is roughly like UEFI's Secure Boot, and can help > protect the a blob-free system more than just Libreboot.
thank you for the clarification :) > ... Users should not have to rebuild their refurbished firmware > to make it better, the vendor should offer that. you've got my vote ;) > Recently someone ported a modern ARM-based Chromebook (ASUS C201, Veyron > Speedy) to use Libreboot, w/o blobs. That's another alternative to old > x86 systems, with different attacks. I'm not sure what's safer, ARM or > x86 these days. x86 BIOS/UEFI attackers are well-documented by > researchers, but ARM-based ones are less so, AFAICT. I'm unclear what's > safer from attackers, an old x86, or a modern ARM or AMD system. > http://firmwaresecurity.com/2015/08/13/libreboot-ported-to-modern-arm-chromebook/ it appears nothing is safe, and the effort is trivial to modest. #infosec > Blob-free and secure, that's my goal. BIOS -- even Libreboot's SeaBIOS > -- is not secure. this reminds me of the open hardware processor designs; yes - it is open! but, it lacks modern security features to assist operating system and application developers securing their systems... fun problems :) best regards,
