On Wed, Jan 30, 2019 at 11:00:25AM +0100, Alexandre Belgrand wrote:
After flashing coreboot, your bios is wide open for reflashing.
Personally, this is what stops me from adopting Coreboot.
See the recent thread on the Coreboot list about this:
On 1/30/19 4:45 PM, Alexandre Belgrand wrote:
Le mercredi 30 janvier 2019 à 12:38 +0100, Maillist a écrit :
Only if you configure it that way.Also, even if you do, you wanna
make
sure it only accepts updates signed by your personal key.
Interesting. Could you point out the documentation
Le jeudi 31 janvier 2019 à 14:21 +0100, Maillist a écrit :
> INTEL_CHIPSET_LOCKDOWN
Nice feature. This makes impossible to update BIOS without physical
access to the chip. I was unaware of this feature, thanks.
--
You received this message because you are subscribed to the Google Groups
Hello,
i woulnd be aware of any documentation regarding this, except this:
https://coreboot.org/status/kconfig-options.html
The option you want to set while configuring coreboot is, depending on
your goal:
INTEL_CHIPSET_LOCKDOWN
and:
LOCK_SPI_FLASH_NO_ACCESS
Quote from the Documentation:
Yes, that is correct.
On 1/30/19 4:33 AM, Frank Beuth wrote:
> On Tue, Jan 29, 2019 at 10:09:23PM -0500, Chris Laprise wrote:
>> On 1/29/19 8:59 PM, Frank Beuth wrote:
>>> Can someone explain the interaction between Anti Evil Maid/HEADS and
>>> the Intel Management Engine to me?
>>>
>>> I read an
On Tue, Jan 29, 2019 at 10:09:23PM -0500, Chris Laprise wrote:
On 1/29/19 8:59 PM, Frank Beuth wrote:
Can someone explain the interaction between Anti Evil Maid/HEADS and
the Intel Management Engine to me?
I read an article which stated that disabling Intel ME also prevents
installing AEM
Le mercredi 30 janvier 2019 à 12:38 +0100, Maillist a écrit :
> Only if you configure it that way.Also, even if you do, you wanna
> make
> sure it only accepts updates signed by your personal key.
Interesting. Could you point out the documentation explaining how.
Thanks.
--
You received this
Only if you configure it that way.Also, even if you do, you wanna make
sure it only accepts updates signed by your personal key.
cheers
On 1/30/19 11:00 AM, Alexandre Belgrand wrote:
> Le mercredi 30 janvier 2019 à 15:50 +0700, Frank Beuth a écrit :
>> Apologies again if this is offtopic, but
Le mercredi 30 janvier 2019 à 15:50 +0700, Frank Beuth a écrit :
> Apologies again if this is offtopic, but it sounds like there is a
> way to
> disable software reflashing of Coreboot entirely? Or am I
> misinformed?
https://doc.coreboot.org/flash_tutorial/index.html
Quoting : "Updating the
On Wed, Jan 30, 2019 at 09:02:57AM +0100, Alexandre Belgrand wrote:
Once Coreboot is installed, you can reflash your bios within GNU/Linux
using flashbios utility. In this case, Coreboot offers no bios
protection. Coreboot developers have beend asked for a password
protection, but they think it
Le mercredi 30 janvier 2019 à 13:07 +0630, Frank Beuth a écrit :
> Apologies if this is getting offtopic, but: one author suggested that
> modern
> versions of Coreboot could (in absence of Intel ME or AEM) reduce
> Evil Maid
> attacks to physical attacks requiring the attacker to open the
On 1/29/19 8:59 PM, Frank Beuth wrote:
Can someone explain the interaction between Anti Evil Maid/HEADS and the
Intel Management Engine to me?
I read an article which stated that disabling Intel ME also prevents
installing AEM (and related technologies), but I am not sure why (or if
this is
Can someone explain the interaction between Anti Evil Maid/HEADS and the Intel
Management Engine to me?
I read an article which stated that disabling Intel ME also prevents installing
AEM (and related technologies), but I am not sure why (or if this is really
true). Is ME needed to access the
13 matches
Mail list logo