libreboot not supporting post-2008 Intel hardware?

Blibbet blibbet at gmail.com
Mon Jan 11 08:18:14 PST 2016


> There are similar concerns about AMD from Joanna Rutkowska:
> http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
> pp 44-45

Yes, I *really* wish there were more AMD64/ARM32/ARM64 experts, most
seem to focus on x86/x64. Even at AMD and ARM.

If Linaro finishes porting LUV-live (including BITS, CHIPSEC, FWTS) from
Intel to AArch64, CHIPSEC will run on ARM, and the UEFI tests will work,
but there won't be any new ARM64-centric security tests, as the few
dozen Intel-centric ones won't apply to ARM boxes. We need some
arch-centric security experts to create a list of security tests, like
Intel ATR team does with chipsec_main security modules.

One interesting thing about AMD64 is -- *I think* -- that some boards
have blob-free options in the coreboot tree, not relying on AGESA
binaries. That is something, for the blob-concerned community. Fewer
blobs than Intel FSP. Unclear which models, and which branches of the
coreboot tree to look at, and if any of those models have modern
supplies of hardware, or are ancient.

There *are* blob-free ports of Libreboot to modern ARM boxes, some
Chromebooks. And Olimex is apparently working on an ARM64 open source
chip, and laptop, that might be interesting.

Also, the SeaBIOS project is adding TPM and other security features in
recently, it'll be interesting to see that BIOS added to some Libreboot
and other systems, for security + configurability, not just the latter.

Hopefully 2016 will get some OEM to bring us a Stateless x86 Laptop, and
a RISC-V-based laptop. And more Novenas.

Lee
RSS: http://firmwaresecurity.com/feed




More information about the cypherpunks mailing list