libreboot not supporting post-2008 Intel hardware?
coderman
coderman at gmail.com
Mon Jan 11 09:22:34 PST 2016
On 1/11/16, Blibbet <blibbet at gmail.com> wrote:
>...
> Yes, I *really* wish there were more AMD64/ARM32/ARM64 experts, most
> seem to focus on x86/x64. Even at AMD and ARM.
have you played with USB Armory yet? it's my new favorite ARM platform.
https://github.com/inversepath/usbarmory
> If Linaro finishes porting LUV-live (including BITS, CHIPSEC, FWTS) from
> Intel to AArch64, CHIPSEC will run on ARM, and the UEFI tests will work,
> but there won't be any new ARM64-centric security tests, as the few
> dozen Intel-centric ones won't apply to ARM boxes. We need some
> arch-centric security experts to create a list of security tests, like
> Intel ATR team does with chipsec_main security modules.
the joy of ARM is avoiding all the usual platform UEFI, CHIPSEC, etc!
the parts of ARM which i enjoy more are the secure boot with signed
boot images. of course, if you're not a developer this is less
compelling.
this all uses TrustZone and fuse memory, under the hood:
http://genode.org/documentation/articles/usb_armory
https://github.com/inversepath/usbarmory/tree/master/software/secure_boot
> One interesting thing about AMD64 is -- *I think* -- that some boards
> have blob-free options in the coreboot tree, not relying on AGESA
> binaries.
if you find any, let me know! i don't believe they exist.
also, BIOS security on AMD may be even worse than Intel.
use an external SPI flash programmer, not a built in one, in that case.
> That is something, for the blob-concerned community. Fewer
> blobs than Intel FSP. Unclear which models, and which branches of the
> coreboot tree to look at, and if any of those models have modern
> supplies of hardware, or are ancient.
those blob concerned are going to be increasingly disappointed into
the future. on the other hand, for those with heirloom device funds,
check out Librem:
https://www.crowdsupply.com/purism/librem-13
> There *are* blob-free ports of Libreboot to modern ARM boxes, some
> Chromebooks. And Olimex is apparently working on an ARM64 open source
> chip, and laptop, that might be interesting.
you're aware of Novena, too? :)
https://www.crowdsupply.com/sutajio-kosagi/novena
> Also, the SeaBIOS project is adding TPM and other security features in
> recently, it'll be interesting to see that BIOS added to some Libreboot
> and other systems, for security + configurability, not just the latter.
indeed!
> Hopefully 2016 will get some OEM to bring us a Stateless x86 Laptop, and
> a RISC-V-based laptop. And more Novenas.
i'm playing with stateless lenovo via USB Armory as OS fill via USB.
not quite what you're asking, but might be a nice stop-gap for those
seeking better boot authenticity...
best regards,
More information about the cypherpunks
mailing list