On 5/14/19 3:17 PM, Patrick Georgi via coreboot wrote:
On 5/14/19 Chris Laprise wrote:
There are also several (apparently out-of-tree) patches referenced on the G505s howto:
http://dangerousprototypes.com/docs/Lenovo_G505S_hacking
I'll have to get signatures or similar type of verification for these as well. Any help in this regard would be appreciated.
I can understand the value in having releases signed as they are somewhat officially attached to a project. But for random patches your best bet will be to analyze their content, not their origin.
I might put firmware code analysis on my bucket list for the next life, if I convert to Buddhism. :)
When I look at review.coreboot.org and the patches have logged commits (ostensibly, these are at least hashed) and I see "Patrick Georgi" as reviewer... there is no assurance of fidelity from those records?