Ok, I'm not going to get too far into this, because I'm no real security expert, but:
> > - Using some operating system unencrypted - boot from a CD.No, this should illustrate my thoughts ... so you can tell me *where* I'm
> > - Protect the boot order - reset the CMOS.
> > - Store important information in the CMOS.
> Neither is this.
wrong.That's ok. It's a "normal" OS that has to be started.
> Coreboot will unconditionally launch its payload, so your interest should go
> there.That's possible, and that's why I'm asking here!
> Maybe you are also caught up too much in the conventional boot
> process;
I don't know that many ways to boot a machine - use ROM; use a BIOS and
another medium; and that's it.
Is there some easy solution I don't see?
And just storing everything in ROM is a bit ... costly, and doesn't help
against *getting* the secrets.
Using some cheap substitute like flash memory only moves the problem from one
location to another ...