Kevin O'Connor wrote:
>> This patch in particular guarantees that no matter what devices are plugged in (e.g. long after the BIOS has been flashed) they will not have their option ROMs executed.
> That makes sense, but I think it needs to be a runtime setting.
> Timothy's original approach is appealing more and more to me. It's a good way to know that the system will stay as it was when flashed.
Runtime setting - the argument there would be that if someone can change the flash contents to create a new CBFS file they could also replace the SeaBIOS payload, right?
It is sort of true, but it *is* slightly easier to write data into erased flash than to erase existing and then write something new.
//Peter