Re: [SeaBIOS] SeaBIOS security feature roadmap?
>> I wish SeaBIOS documentation included a table comparing BIOS security >> features of all modern implementations, bare-metal and virtualized, to >> compare SeaBIOS's features with other BIOS implementations. > > There is a Wikipedia article that compares SeaBIOS to other > proprietary BIOS implementations. I don't have direct knowledge on > the features of proprietary BIOS, so can't help with a direct > comparison. > > https://en.wikipedia.org/wiki/BIOS_features_comparison Thanks very much for this pointer, Kevin! That table seems to be nearly the same as: https://en.wikipedia.org/wiki/BIOS#Vendors_and_products Maybe there should be row showing SeaBIOS's TPMv1 and new TPMv2 features, with question marks next to the closed-source vendors, as well as mention in the Security section later on. Maybe rows showing VMM usage of BIOS, where SeaBIOS has more coverage than closed-source options. And the Alternatives section mentions coreboot, but no mention of SeaBIOS payload version. The table shows that only SeaBIOS has on Password, the others do. Strange small security feature that SeaBIOS doesn't have. And strange to see in table that only SeaBIOS has no Setup Screen, yet I seem to have noticed some TPM UI menu changes recent TPMv2 checkin. And there's no columns for Intel's BIOS reference implementation, or qboot. And back to my original query for a SeaBIOS security roadmap, I guess the Wikipedia SeaBIOS feature page is best for this, at least it mentions TPM. https://en.wikipedia.org/wiki/SeaBIOS Thanks again. ___ SeaBIOS mailing list SeaBIOS@seabios.org http://www.seabios.org/mailman/listinfo/seabios
Re: [SeaBIOS] SeaBIOS security feature roadmap?
On 01/12/2016 11:36 AM, Kevin O'Connor wrote: [...] > As far as a roadmap, I understand there is a plan to add TPM 2.0 > support to SeaBIOS. > > I'm not aware of any new consumer devices shipping with the support, > and I understand that KVM/QEMU have had TPM support for some time > already. > > Cheers, > -Kevin Thanks for the info, mentioned results here, including today's TPMv2 checking news: http://firmwaresecurity.com/2016/01/15/seabios-gets-tpm2-security/ It sounds like some Chromebooks have SeaBIOS with TPMv1, unclear which OEM devices/models. I'm still interested in a list of other consumer devices with SeaBIOS and additional security, to point to in blog. I wish SeaBIOS documentation included a table comparing BIOS security features of all modern implementations, bare-metal and virtualized, to compare SeaBIOS's features with other BIOS implementations. Thanks! Lee http://firmwaresecurity.com/feed ___ SeaBIOS mailing list SeaBIOS@seabios.org http://www.seabios.org/mailman/listinfo/seabios
Re: [SeaBIOS] SeaBIOS security feature roadmap?
Blibbet wrote: > It sounds like some Chromebooks have SeaBIOS with TPMv1 As far as I know all Chromebooks use their own payload which implements verified boot. The root of trust is the write-protected SPI flash. It is very well documented on the chromium website, you would only have to do very basic research to find it, which makes it very difficult for anyone to take your effort seriously. Please move along. //Peter ___ SeaBIOS mailing list SeaBIOS@seabios.org http://www.seabios.org/mailman/listinfo/seabios
Re: [SeaBIOS] SeaBIOS security feature roadmap?
On 01/15/2016 01:14 PM, Peter Stuge wrote: > [...] It is very well documented on the chromium website, you > would only have to do very basic research to find it, which makes it > very difficult for anyone to take your effort seriously. Please move > along. Yes, I don't own a Chromebook, and I didn't fully research SeaBIOS consumer implementations, sorry. I'm learning SeaBIOS and coreboot, coming from a UEFI background. Thanks for your patience. :-) Lee ___ SeaBIOS mailing list SeaBIOS@seabios.org http://www.seabios.org/mailman/listinfo/seabios
Re: [SeaBIOS] SeaBIOS security feature roadmap?
On Fri, Jan 15, 2016 at 12:38:12PM -0800, Blibbet wrote: > On 01/12/2016 11:36 AM, Kevin O'Connor wrote: > [...] > > As far as a roadmap, I understand there is a plan to add TPM 2.0 > > support to SeaBIOS. > > > > I'm not aware of any new consumer devices shipping with the support, > > and I understand that KVM/QEMU have had TPM support for some time > > already. > > > > Cheers, > > -Kevin > > Thanks for the info, mentioned results here, including today's TPMv2 > checking news: > > http://firmwaresecurity.com/2016/01/15/seabios-gets-tpm2-security/ > > It sounds like some Chromebooks have SeaBIOS with TPMv1, unclear which > OEM devices/models. I'm still interested in a list of other consumer > devices with SeaBIOS and additional security, to point to in blog. Google has been big on the TPM devices, so I thought all the chromebooks had them, but I don't know for sure. > I wish SeaBIOS documentation included a table comparing BIOS security > features of all modern implementations, bare-metal and virtualized, to > compare SeaBIOS's features with other BIOS implementations. There is a Wikipedia article that compares SeaBIOS to other proprietary BIOS implementations. I don't have direct knowledge on the features of proprietary BIOS, so can't help with a direct comparison. https://en.wikipedia.org/wiki/BIOS_features_comparison -Kevin ___ SeaBIOS mailing list SeaBIOS@seabios.org http://www.seabios.org/mailman/listinfo/seabios
Re: [SeaBIOS] SeaBIOS security feature roadmap?
Hi, On Wed, Jan 06, 2016 at 03:22:24PM -0800, Blibbet wrote: > Hi, > > I'm pretty new to the SeaBIOS codebase. I've noticed a lot of > interesting TPM-centric checkins recently.I was wondering if there was > any roadmap for current/upcoming SeaBIOS security features. I'd be > especially interested in any consumer devices that may have this > enhanced BIOS security in their devices (or VMs). I haven't found > anything on the topic, any pointers appreciated. I think most consider > BIOS still consider to be "insecure", so I'd like to be able to note > some BIOS security improvements, and where people can find them and use > these features. > > Thanks, > Lee > RSS: http://firmwaresecurity.com/feed As far as a roadmap, I understand there is a plan to add TPM 2.0 support to SeaBIOS. I'm not aware of any new consumer devices shipping with the support, and I understand that KVM/QEMU have had TPM support for some time already. Cheers, -Kevin ___ SeaBIOS mailing list SeaBIOS@seabios.org http://www.seabios.org/mailman/listinfo/seabios
[SeaBIOS] SeaBIOS security feature roadmap?
Hi, I'm pretty new to the SeaBIOS codebase. I've noticed a lot of interesting TPM-centric checkins recently.I was wondering if there was any roadmap for current/upcoming SeaBIOS security features. I'd be especially interested in any consumer devices that may have this enhanced BIOS security in their devices (or VMs). I haven't found anything on the topic, any pointers appreciated. I think most consider BIOS still consider to be "insecure", so I'd like to be able to note some BIOS security improvements, and where people can find them and use these features. Thanks, Lee RSS: http://firmwaresecurity.com/feed ___ SeaBIOS mailing list SeaBIOS@seabios.org http://www.seabios.org/mailman/listinfo/seabios
