It is currently Sun Dec 10, 2017 4:01 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Coreboot (OSS bios firmware)
PostPosted: Fri Oct 27, 2017 3:06 am 
Offline
User avatar

Joined: Mon Dec 07, 2009 7:09 am
Posts: 3886
Location: Sol3
For the more privacy minded, coreboot really is the sole critical path left to regain sovereignty over our BIOS based computing devices, IMHO.

The issues it deals with aren't new (e.g., see https://www.portablefreeware.com/forums/viewtopic.php?t=22213) and with practical oligopoly power in the hands of main CPU makers (AMD isn't exempt here, if you research further), it isn't going away anytime soon...

    Coreboot is an extended firmware platform that delivers a lightning fast and secure boot experience on modern computers and embedded systems. As an Open Source project it provides auditability and maximum control over technology.

To find supported hardware, look to the "Status" section of coreboot's wiki: https://www.coreboot.org/Welcome_to_coreboot.

In related info, find for yourself how hard it is for an expert hardware engineer to come up with ways to circumvent the gaping security risk that Intel IME really represents -- as the EFF had already warned us (https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it):


    https://puri.sm/learn/intel-me/ author wrote:
    The Intel Management Engine is a separate independent processor core that is actually embedded inside the Multichip Package on Intel CPUs. It operates all-by-itself and separate from the main processor, the BIOS, and the Operating system, but it does interact with the BIOS and OS kernel. It is a black box of mystery code at the lowest level, in ring -2, with complete control over every part of the system.
    The Management Engine, part of Intel AMT, is a separate CPU that can run and control a computer even when powered off.

FYI, this IME runs a full OS (Minix) -- complete with a Java based virtual machine... (https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Hardware)


Top
 Profile  
 
 Post subject: Re: Coreboot (OSS bios firmware)
PostPosted: Tue Oct 31, 2017 12:17 am 
Offline

Joined: Sat Apr 08, 2006 7:12 pm
Posts: 479
Location: Illinois/Indiana
I somehow overlooked this security issue and didn't know much about it before now. Good info and links. Thanks for posting.


Top
 Profile  
 
 Post subject: Re: Coreboot (OSS bios firmware)
PostPosted: Wed Nov 15, 2017 7:00 am 
Offline
User avatar

Joined: Mon Dec 07, 2009 7:09 am
Posts: 3886
Location: Sol3
Further (bad) news regarding IME's security implications at http://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/.


Top
 Profile  
 
 Post subject: Re: Coreboot (OSS bios firmware)
PostPosted: Mon Dec 04, 2017 7:14 am 
Offline
User avatar

Joined: Mon Dec 07, 2009 7:09 am
Posts: 3886
Location: Sol3
Related news from the portable hardware front:


    Quote:
    So yes, I do highly recommend the Librem 13. After all, regardless of whether you use the default Pure OS or a different distro, such as Ubuntu, your money is still supporting the Linux community and sending a message that you value privacy. Best of all, you are getting very solid hardware that should delight you for many years.


Top
 Profile  
 
 Post subject: Re: Coreboot (OSS bios firmware)
PostPosted: Fri Dec 08, 2017 1:00 pm 
Offline
User avatar

Joined: Sat Apr 19, 2014 12:52 am
Posts: 167
System76 is also making progress
http://blog.system76.com/post/168050597 ... dates-plan

_________________
Lintalist @ TPFC - Lintalist website - Source @ GH


Top
 Profile  
 
 Post subject: Re: Coreboot (OSS bios firmware)
PostPosted: Sun Dec 10, 2017 8:16 am 
Offline
User avatar

Joined: Mon Dec 07, 2009 7:09 am
Posts: 3886
Location: Sol3
lintalist wrote:

    Nice. 8)

    Here's something from there supporting my concern...

      Proprietary code always makes life harder and Intel's Management Engine (ME) firmware is a particularly challenging chunk of secretive software. Thanks to issues identified by external security researchers, Intel initiated an audit of its ME firmware and discovered multiple critical vulnerabilities as described in SA-00086. Separately, researchers at Positive Technologies discovered an undocumented High Assurance Platform (HAP) settings in Intel ME firmware. HAP was developed by the NSA for secure computing.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group