Le mercredi 30 janvier 2019 à 13:07 +0630, Frank Beuth a écrit : > Apologies if this is getting offtopic, but: one author suggested that > modern > versions of Coreboot could (in absence of Intel ME or AEM) reduce > Evil Maid > attacks to physical attacks requiring the attacker to open the laptop > and > physically reflash the SPI flash. > > Does this sound correct?
When flashing Coreboot for the first time, you usually need an SPI flash cable with physical access to hardware. On some low-end boards, you may flash directly without physical access. Once Coreboot is installed, you can reflash your bios within GNU/Linux using flashbios utility. In this case, Coreboot offers no bios protection. Coreboot developers have beend asked for a password protection, but they think it is useless and will not develop such a feature. The advantage of Coreboot is that it claims to be able to disable or limit Intel ME backdoor. In recent versions, Coreboot embeds Intel blobs, so installing a limited version of Intel ME might not be sufficient to completely disable it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6f0b9fbb3c131a97ea71fed7b88660adcc181de4.camel%40mailbox.org. For more options, visit https://groups.google.com/d/optout.
