[coreboot] Verify option rom non-execution?

Taiidan at gmx.com Taiidan at gmx.com
Sat Nov 11 00:11:56 CET 2017


Hi! How can I verify the non-execution of option ROMs? I recently 
noticed that I had somehow turned that on with one of my latest compiles 
(without yabel secure mode either).

The idea is that a hostile firmware update could flash a PCI-e card 
assigned to a VM and then mess with the host after the PC is rebooted 
(can be solved by using SR-IOV devices, but KGPE-D16/KCMA-D8 lacks 
SR-IOV support in coreboot despite the chipset supporting ARI).

I realize that I am a nobody and this is very unlikely to happen but OFC 
I still want max security >:3



