20 Mar
2008
20 Mar
'08
4:46 p.m.
On Thu, Mar 20, 2008 at 09:40:11AM -0700, ron minnich wrote:
On Thu, Mar 20, 2008 at 9:27 AM, Peter Stuge peter@stuge.se wrote:
Currently v3 looks for segments until a segment cannot be found.
This is counterintuitive and potentially a security hole, I think we will fix it but so far I think everything works anyway.
I don't quite get counterintuitive but hey ...
User stores a payload with n segments into flash, uses a coreboot tool (lar) to do so, and yet information is lost until coreboot run time when the payload is to be executed.
security hole? the whole bios is that :-)
Think flashing over padding files with a rouge segment.
//Peter