Good list: Yeeloong, Coreboot, Opencores, etc. This book isn't bad for explaining some of the general problems: http://www.amazon.com/Embedded-Systems-Security-Practical-Development/dp/0123868866
In addition to UEFI alternatives, I'd also argue that we need to fix UEFI, to handle the use case of citizens, not just NIST, MSFT, and APPL. We need to get OEMs to ship boxes which are signed by Linux OS orgs, not just MSFT and APPL.
Secure Boot is currently only targets Win8, until OEMs build systems which have firmware signed by a Linux vendor. The current options for UEFI and Linux have fragmented this community, Ubuntu, Redhat, SUSE all going different ways, and Linux Foundation providing a patch that makes Secure Boot useless as a security feature for Linux.
I wonder if UEFI's currernt architecture could be improved, so that it could enable >1 OS vendor to sign the firmware, unlike today, where it requires a single OS vendor to sign, as I understand. Could the crypto foo that enables measuring a Secure Boot also work if there was more than 1 OS vendor target option? Right now, with only a single OS vendor signing a firmware image, it works well towards restricting OS alternatives to the user. The complexity of an OEM getting fw images signed by RedHat, Canonical, Attachmate/Novell, etc would be prohibitive for them to provide any options by Windows.
-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
