Hi, since it has been decided that the "signed BIOS" method will be used, let me comment on one thing that smells fishy in the implementation proposal:
Ivan Krstić wrote: > Instead, the EC boots with the SPI #WE enabled, but can receive a > special instruction that permanently disables the line until the EC is > rebooted (without the ability to re-enable it until then). > [...] > 4. Fully regardless of the previous-step, LB always signals the EC to > disable the SPI #WE before kexecing the regular kernel. The special instruction to permanently disable #WE can't be that special because the EC code also has to be able to reenable #WE on reboot. So #WE is indeed not disabled permanently. It all depends on the EC *thinking* that the machine has been rebooted. If you hope this can be made secure, please read up on the Intel CPUID disaster. The problem was similar: If CPUID reading has been disabled once, disallow reading it until a reboot. Hackers tricked the system into thinking it had rebooted and could read the CPUID just fine. Now the prize question is: Can we be absolutely sure the EC code can't be tricked the same way? Regards, Carl-Daniel _______________________________________________ Devel mailing list [email protected] http://mailman.laptop.org/mailman/listinfo/devel
