On 23.06.19 12:04, Hubert Ruch wrote:
On 6/23/19 12:00 PM, Stefan Reinauer via coreboot wrote:
Remember that the project was started by Los Alamos National Labs (LANL), the guys that also brought you the Manhattan Project. Contributions have also been made by the BSI (German version of the NSA) and their contractors.
Thanks for the info. Didn't know that. Now, one has to wonder how many skilled developers actually do read and understand their code.
Very few I assume. But for this particular contribution I can say that it will be an optional feature. Actually, an optional security feature for an optional feature (SMM). If you use your boot firmware to boot and not to hide secrets or to provide any other added "security", you are most likely safe :)
But due to this "optional" nature, I guess, there won't be many people reading the code.
IIRC Leah Rowe paid someone $90.000 for adding some code to LibreBoot. I'm mentioning this because it leads to the assumption that boot coding must be a pretty difficult task.
I do remember that too (roughly same number), but it wasn't about ad- ding code but about releasing it under the GPL. Nobody was paid for the review nor for improving the code during review. So it ended up as probably the worst code in our repository, IMO.
However, I don't understand your conclusion. If somebody works for one or two years on some code, they got to be paid. For the amount of code, that number seemed reasonable to me.
Also, my very personal opinion: "boot coding" is not a difficult task. Some vendors may try to make you think that it is, so nobody learns how they do it. Others may make it hard by not providing the necessary docu- mentation. Imagine you would want to write a compiler for x86 but its instructions weren't documented? Does that make compiler development hard per se? I don't think so.