On 9/1/15, Blibbet <blibbet@gmail.com> wrote:
... I merely meant that BIOS didn't offer new security tech, that newer firmware tech does. My point was that Verified coreboot is stronger than Libreboot, and Ministry of Freedom could be using stronger open source tech in their product than they currently do. Eg, coreboot has Verified Boot mode, which is roughly like UEFI's Secure Boot, and can help protect a blob-free system more than just Libreboot.
thank you for the clarification :)
... Users should not have to rebuild their refurbished firmware to make it better, the vendor should offer that.
you've got my vote ;)
Recently someone ported a modern ARM-based Chromebook (ASUS C201, Veyron Speedy) to use Libreboot, w/o blobs. That's another alternative to old x86 systems, with different attacks. I'm not sure what's safer, ARM or x86 these days. x86 BIOS/UEFI attackers are well-documented by researchers, but ARM-based ones are less so, AFAICT. I'm unclear what's safer from attackers, an old x86, or a modern ARM or AMD system. http://firmwaresecurity.com/2015/08/13/libreboot-ported-to-modern-arm-chrome...
it appears nothing is safe, and the effort is trivial to modest. #infosec
Blob-free and secure, that's my goal. BIOS -- even Libreboot's SeaBIOS -- is not secure.
this reminds me of the open hardware processor designs; yes - it is open! but, it lacks modern security features to assist operating system and application developers securing their systems... fun problems :)

best regards,