On Fri, Aug 23, 2019 at 10:32 PM Patrick Georgi pgeorgi@google.com wrote:
On Fri, Aug 23, 2019 at 10:23:06PM +0300, Kyösti Mälkki wrote:
Is everything still under non-disclosure about those made compromises, or is someone willing to reveal in public what we should expect this time?
I don't know timelines, decisions made or agreements under which these were made (e.g. NDAs).
I'll point out the thread to people who may know more, but I can't promise a response given that I don't know the constraints.
Sometimes it is not that I didn't know who to ask, but that I receive partial answers in private email exchange. Since they know I am not under their NDA, any information they give me in private emails should equally be available to other developers. And yes, it's not really my problem if they are breaching or bending their NDA, it's theirs. I read several paragraphs about this vboot/verstage running on PSP and all that should have just appeared under Documentation/ instead.
Regarding this thread; at least the question about toolchain remains without an answer. If we go back to early amd/stoneyridge, the first iteration wanted to call (unverified but possibly read-only) AGESA blob from within bootblock, before verstage. I believe the approach was vetoed and rejected by some security advisory team at Chromium, invalidating perhaps a couple month's worth of development work? We are dealing with verstage here again, I want confirmations that the compromises get evaluated before we put more effort on attempts to merge the work.
Kind Regards, Kyösti Mälkki