On Mon, Jan 9, 2017 at 11:30 AM, Nico Huber nico.h@gmx.de wrote:
Without proper, public documentation and the promise by the vendor that this documentation is correct _and_ comprehensive, we can't tell anything about the state of the hardware... beside the RAM contents and the program we are executing. And this is where coreboot does a much better job, IMO. Given that most host firmware stays active during runtime of the OS, I don't see any point in running open-source software for security reasons if there's proprietary software running on the same CPU in a higher privilege level.
And at the very least we can verify that the blobs are what we think they are ("good enough" if we can trust the blob's origin) and maintain some semblance of control in privileged mode.
Obviously full documentation and source are best. But in our imperfect world with blobs I think the more relevant question to ask is what can be done before and after the blobs are run. Being able to build a full image with coreboot gives us some options, and having a relatively simple codebase with a decent eyeball-to-code ratio helps. As Nico said it's pointless to run OSS for security if the best you can do is run in less privileged mode with proprietary software in full control.