At one of the last coreboot leadership meetings, the idea of a
coreboot security team was brought up.
We'd like to build a group to look at coreboot's source code with an
eye on security, respond to issues on the security mailing list, help
fix security-related issues, and shepherd security related patches
through gerrit. Additionally we'd like upcoming features to go
through this group to look for possible security issues.
This team would preferably be a mix of some of the senior coreboot
developers, firmware/software security researchers, and industry
I know that many of the companies working on coreboot have dedicated
security teams. It would be great if a couple of these companies
could be convinced to assign individuals to spend a few hours a week
on the coreboot project.
If anyone would be interested in being on this team, or knows someone
who would be good in this role, please reach out.