Linux Foundation's Linux workstation security checklist

coderman coderman at gmail.com
Tue Sep 1 10:03:14 PDT 2015


On 9/1/15, Blibbet <blibbet at gmail.com> wrote:
> ...
> I merely meant that BIOS didn't offer new security tech, that newer
> firmware tech does. My point was that Verified coreboot is stronger than
> Libreboot, and Ministry of Freedom could be using stronger open source
> tech in their product than they currently do. E.g., coreboot has Verified
> Boot mode, which is roughly like UEFI's Secure Boot, and can help
> protect a blob-free system more than just Libreboot.

thank you for the clarification :)



> ... Users should not have to rebuild their refurbished firmware
> to make it better, the vendor should offer that.

you've got my vote ;)



> Recently someone ported a modern ARM-based Chromebook (ASUS C201, Veyron
> Speedy) to use Libreboot, w/o blobs. That's another alternative to old
> x86 systems, with different attacks. I'm not sure what's safer, ARM or
> x86 these days. x86 BIOS/UEFI attackers are well-documented by
> researchers, but ARM-based ones are less so, AFAICT. I'm unclear what's
> safer from attackers, an old x86, or a modern ARM or AMD system.
> http://firmwaresecurity.com/2015/08/13/libreboot-ported-to-modern-arm-chromebook/

it appears nothing is safe, and the effort is trivial to modest. #infosec



> Blob-free and secure, that's my goal. BIOS -- even Libreboot's SeaBIOS
> -- is not secure.

this reminds me of the open hardware processor designs; yes - it is
open!  but, it lacks modern security features to assist operating
system and application developers securing their systems...


fun problems :)


best regards,


