[coreboot] QubesOS 4 hardware requirements
Trammell Hudson
hudson at trmm.net
Thu Jul 21 12:41:21 CEST 2016
Exciting news from the team at Qubes:
https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/
> Another important requirement we’re introducing today is that
> Qubes-certified hardware should run only open-source boot firmware
> (aka "the BIOS"), such as coreboot. The only exception is the use of
> a (properly authenticated) CPU-vendor-provided blobs for silicon and
> memory initialization (see Intel FSP) as well as other internal
> operations (see Intel ME). However, we specifically require all code
> used for and dealing with the System Management Mode (SMM) to be
> open-source.
>
> While we well recognize the potential problems that proprietary
> CPU-vendor code can cause, we are also pragmatic enough to realize
> that we need to take smaller steps first, before we can implement
> even stronger countermeasures such as the stateless laptop I
> proposed a few months ago. A switch to open source boot firmware is
> one such very important step on this roadmap.
>
> Of course, to be compatible with Qubes OS, the BIOS must properly
> expose all the VT-x, VT-d, and SLAT functionality that the
> underlying hardware offers (and which we require). Among other
> things, this implies proper DMAR ACPI table construction.
--
Trammell
More information about the coreboot
mailing list