On 30.04.2009 0:53 Uhr, Peter Stuge wrote:
svn@coreboot.org wrote:
fix poweroff command on intel platforms, and add bios flash locking example.
Can you say something about the purpose of these functions in the FILO bootloader? :)
I'm not so much critical as I am curious.
Poweroff is just a feature for the bootloader. It started out by me debugging why poweroff through ACPI was not working. The code serves as an example for all the requirements, without an ACPI system running. Plus, it's nice to not have to start an OS to do soft power off. Now you can just say poweroff and reboot in FILO and it will do what you expect.
The flash protection code started out as a test for my SMM handler. It is not particularly useful as is. But it allows you to decide in the boot process whether the OS you are loading will be allowed to do flash updates. Since FILO does the choice which OS to load, it might also want the choice to deny flash updates; in case someone wants to add loading of signed kernels, and disable flash updates for incorrect signatures, or some other hypothetical security measures. Putting this code in Linux is too late for a chain of trust, and putting it into coreboot would mean we have to have some callback mechanism for that feature. Both is not very appealing, so the code ended up in FILO. This code has been living in our repository for quite a while, and I think it might be interesting to look at, as it implements a protection scheme well known from other BIOS brands. So, now, coreboot can do it, too. As far as I can tell, SMM protection is the only really reliable and non-security-by-obscurity solution to prevent flash writes. GPIOs are interesting to power-off devices in a power-managed environment, but not for security.
However, I am looking for input and feedback, which is the main reason this went into the tree. :-)
Stefan