On Sat, Nov 26, 2016 at 10:46:33PM +0000, ron minnich wrote:
[...] Every bootloader starts simple, and becomes an OS. Every single one starts with the intent of being small and compact and only supporting some needed subset of file systems/devices/protocols and ends up implementing everything.
And these bootloader filesystem/device/protocol implementations won't receive the same battle-testing that the drivers in Linux receive, since the bootloader versions are only used for such a short period of time during the system bring up. So in addition to greatly increasing the TCB, they also potentially introduce security vulnerabilities.
I'm in agreement with Ron that the boot part of coreboot should have as few drivers as possible (basically only a TPM and maybe a 0x3f8 serial port). This reduces the TCB and makes more space available for the payload.
[...] Today's flash parts are more than large enough to do a good environment -- tinycore linux could be used, for example, once it was trimmed a bit. It's only about 12M today with a full X environment.
The 4MB flash in the older thinkpads is a little tight, but still sufficient for a text-based modern Linux kernel -- the biggest issue is the cryptsetup tool brings in quite a few dependencies right now, which complicates using it with a fully encrypted drive.
With 8-16 MB you can have a write-protected, interactive shell version that can mount a USB drive and run spiflash tools to recover from failures, and a second, read-write version that can be reflashed by the system's owner with all the fancy features.