On 3/6/10 8:28 PM, Carl-Daniel Hailfinger wrote:
On 06.03.2010 19:52, ron minnich wrote:
It would be nice, if a flashrom is in there, to also have some sort of security too I think.
Something that is not as easily compromised as the stuff that's out there now, which relies on security through obscurity.
Is it even possible?
Well, I implemented signature checking for coreboot (so that only signed payloads would be executed).
When coresystems developed our first version of hard crypto signature checking for firmware in 2007/2008, we explicitly decided not to check the payload but only let the payload check further stages. The reason was that if you're able to compromise the flash chip, you're able to reprogram coreboot just as well as the payload. Also, we didn't feel comfortable duplicating the amount of crypto code in the flash, and there is no serious mechanism around that protects only the bootblock, at least not on commonly used systems.
So I'm interested to hear your reasons to do this in coreboot itself... Is your code publicly available somewhere?
Regards, Stefan